diff --git a/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list b/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list
index 7492e9e17a..2e4f0218bf 100644
--- a/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list
+++ b/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list
@@ -1,5 +1,61 @@
# Please keep the list sorted!
+acct-group/adm
+acct-group/audio
+acct-group/cdrom
+acct-group/dialout
+acct-group/disk
+acct-group/dnsmasq
+acct-group/input
+acct-group/kmem
+acct-group/kvm
+acct-group/lp
+acct-group/man
+acct-group/messagebus
+acct-group/netperf
+acct-group/nobody
+acct-group/ntp
+acct-group/pcap
+acct-group/polkitd
+acct-group/portage
+acct-group/render
+acct-group/root
+acct-group/sgx
+acct-group/sshd
+acct-group/systemd-coredump
+acct-group/systemd-journal
+acct-group/systemd-journal-remote
+acct-group/systemd-network
+acct-group/systemd-oom
+acct-group/systemd-resolve
+acct-group/systemd-timesync
+acct-group/tape
+acct-group/tss
+acct-group/tty
+acct-group/users
+acct-group/utmp
+acct-group/video
+acct-group/wheel
+
+acct-user/dnsmasq
+acct-user/man
+acct-user/messagebus
+acct-user/netperf
+acct-user/nobody
+acct-user/ntp
+acct-user/pcap
+acct-user/polkitd
+acct-user/portage
+acct-user/root
+acct-user/sshd
+acct-user/systemd-coredump
+acct-user/systemd-journal-remote
+acct-user/systemd-network
+acct-user/systemd-oom
+acct-user/systemd-resolve
+acct-user/systemd-timesync
+acct-user/tss
+
app-alternatives/awk
app-alternatives/yacc
@@ -66,6 +122,8 @@ dev-util/strace
dev-vcs/git
+eclass/acct-group.eclass
+eclass/acct-user.eclass
eclass/alternatives.eclass
eclass/app-alternatives.eclass
eclass/autotools.eclass
@@ -103,6 +161,7 @@ eclass/systemd.eclass
eclass/tmpfiles.eclass
eclass/toolchain-funcs.eclass
eclass/toolchain.eclass
+eclass/user-info.eclass
# This file is modified by us to be an empty file, so can't be synced for now.
#
# eclass/usr-ldscript.eclass
diff --git a/sdk_container/src/third_party/portage-stable/acct-group/pcap/metadata.xml b/sdk_container/src/third_party/portage-stable/acct-group/pcap/metadata.xml
index 924d866a79..b75adbf441 100644
--- a/sdk_container/src/third_party/portage-stable/acct-group/pcap/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/acct-group/pcap/metadata.xml
@@ -5,10 +5,6 @@
zlogene@gentoo.org
Mikle Kolyada
-
- bman@gentoo.org
- Aaron Bauman
-
sam@gentoo.org
Sam James
diff --git a/sdk_container/src/third_party/portage-stable/acct-user/pcap/metadata.xml b/sdk_container/src/third_party/portage-stable/acct-user/pcap/metadata.xml
index 924d866a79..b75adbf441 100644
--- a/sdk_container/src/third_party/portage-stable/acct-user/pcap/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/acct-user/pcap/metadata.xml
@@ -5,10 +5,6 @@
zlogene@gentoo.org
Mikle Kolyada
-
- bman@gentoo.org
- Aaron Bauman
-
sam@gentoo.org
Sam James
diff --git a/sdk_container/src/third_party/portage-stable/eclass/acct-group.eclass b/sdk_container/src/third_party/portage-stable/eclass/acct-group.eclass
index b309d36432..f55c9f4c95 100644
--- a/sdk_container/src/third_party/portage-stable/eclass/acct-group.eclass
+++ b/sdk_container/src/third_party/portage-stable/eclass/acct-group.eclass
@@ -1,9 +1,10 @@
-# Copyright 2019-2021 Gentoo Authors
+# Copyright 2019-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: acct-group.eclass
# @MAINTAINER:
# Michał Górny
+# Mike Gilbert
# @AUTHOR:
# Michael Orlitzky
# Michał Górny
@@ -40,7 +41,7 @@ case ${EAPI:-0} in
*) die "EAPI=${EAPI:-0} not supported";;
esac
-inherit user
+inherit user-info
[[ ${CATEGORY} == acct-group ]] ||
die "Ebuild error: this eclass can be used only in acct-group category!"
@@ -48,7 +49,7 @@ inherit user
# << Eclass variables >>
-# @ECLASS-VARIABLE: ACCT_GROUP_NAME
+# @ECLASS_VARIABLE: ACCT_GROUP_NAME
# @INTERNAL
# @DESCRIPTION:
# The name of the group. This is forced to ${PN} and the policy
@@ -56,7 +57,7 @@ inherit user
ACCT_GROUP_NAME=${PN}
readonly ACCT_GROUP_NAME
-# @ECLASS-VARIABLE: ACCT_GROUP_ID
+# @ECLASS_VARIABLE: ACCT_GROUP_ID
# @REQUIRED
# @DESCRIPTION:
# Preferred GID for the new group. This variable is obligatory, and its
@@ -66,7 +67,7 @@ readonly ACCT_GROUP_NAME
# Overlays should set this to -1 to dynamically allocate GID. Using -1
# in ::gentoo is prohibited by policy.
-# @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID
+# @ECLASS_VARIABLE: ACCT_GROUP_ENFORCE_ID
# @DESCRIPTION:
# If set to a non-null value, the eclass will require the group to have
# specified GID. If the group already exists with another GID, or
@@ -77,7 +78,7 @@ readonly ACCT_GROUP_NAME
# << Boilerplate ebuild variables >>
: ${DESCRIPTION:="System group: ${ACCT_GROUP_NAME}"}
: ${SLOT:=0}
-: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
+: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 ~loong m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
S=${WORKDIR}
@@ -156,8 +157,30 @@ acct-group_src_install() {
acct-group_pkg_preinst() {
debug-print-function ${FUNCNAME} "${@}"
- enewgroup ${ACCT_GROUP_ENFORCE_ID:+-F} "${ACCT_GROUP_NAME}" \
- "${_ACCT_GROUP_ID}"
+ if [[ ${EUID} -ne 0 || -n ${EPREFIX} ]]; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return
+ fi
+
+ if egetent group "${ACCT_GROUP_NAME}" >/dev/null; then
+ elog "Group ${ACCT_GROUP_NAME} already exists"
+ return
+ fi
+
+ local opts=( --system )
+
+ if [[ ${_ACCT_GROUP_ID} -ne -1 ]] &&
+ ! egetent group "${_ACCT_GROUP_ID}" >/dev/null
+ then
+ opts+=( --gid "${_ACCT_GROUP_ID}" )
+ fi
+
+ if [[ -n ${ROOT} ]]; then
+ opts+=( --prefix "${ROOT}" )
+ fi
+
+ elog "Adding group ${ACCT_GROUP_NAME}"
+ groupadd "${opts[@]}" "${ACCT_GROUP_NAME}" || die
}
fi
diff --git a/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass b/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass
index cf47470c15..14fda76ced 100644
--- a/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass
+++ b/sdk_container/src/third_party/portage-stable/eclass/acct-user.eclass
@@ -1,9 +1,10 @@
-# Copyright 2019-2021 Gentoo Authors
+# Copyright 2019-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: acct-user.eclass
# @MAINTAINER:
# Michał Górny
+# Mike Gilbert
# @AUTHOR:
# Michael Orlitzky
# Michał Górny
@@ -48,7 +49,7 @@ case ${EAPI:-0} in
*) die "EAPI=${EAPI:-0} not supported";;
esac
-inherit user
+inherit user-info
[[ ${CATEGORY} == acct-user ]] ||
die "Ebuild error: this eclass can be used only in acct-user category!"
@@ -56,7 +57,7 @@ inherit user
# << Eclass variables >>
-# @ECLASS-VARIABLE: ACCT_USER_NAME
+# @ECLASS_VARIABLE: ACCT_USER_NAME
# @INTERNAL
# @DESCRIPTION:
# The name of the user. This is forced to ${PN} and the policy prohibits
@@ -64,7 +65,7 @@ inherit user
ACCT_USER_NAME=${PN}
readonly ACCT_USER_NAME
-# @ECLASS-VARIABLE: ACCT_USER_ID
+# @ECLASS_VARIABLE: ACCT_USER_ID
# @REQUIRED
# @DESCRIPTION:
# Preferred UID for the new user. This variable is obligatory, and its
@@ -74,33 +75,35 @@ readonly ACCT_USER_NAME
# Overlays should set this to -1 to dynamically allocate UID. Using -1
# in ::gentoo is prohibited by policy.
-# @ECLASS-VARIABLE: _ACCT_USER_ALREADY_EXISTS
-# @INTERNAL
-# @DESCRIPTION:
-# Status variable which indicates if user already exists.
-
-# @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
+# @ECLASS_VARIABLE: ACCT_USER_ENFORCE_ID
# @DESCRIPTION:
# If set to a non-null value, the eclass will require the user to have
# specified UID. If the user already exists with another UID, or
# the UID is taken by another user, the install will fail.
: ${ACCT_USER_ENFORCE_ID:=}
-# @ECLASS-VARIABLE: ACCT_USER_NO_MODIFY
+# @ECLASS_VARIABLE: ACCT_USER_NO_MODIFY
# @DEFAULT_UNSET
# @DESCRIPTION:
# If set to a non-null value, the eclass will not make any changes
# to an already existing user.
: ${ACCT_USER_NO_MODIFY:=}
-# @ECLASS-VARIABLE: ACCT_USER_SHELL
+# @ECLASS_VARIABLE: ACCT_USER_COMMENT
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# The comment to use for the user. If not specified, the package
+# DESCRIPTION will be used. This can be overridden in make.conf through
+# ACCT_USER__COMMENT variable.
+
+# @ECLASS_VARIABLE: ACCT_USER_SHELL
# @DESCRIPTION:
# The shell to use for the user. If not specified, a 'nologin' variant
# for the system is used. This can be overriden in make.conf through
# ACCT_USER__SHELL variable.
-: ${ACCT_USER_SHELL:=-1}
+: ${ACCT_USER_SHELL:=/sbin/nologin}
-# @ECLASS-VARIABLE: ACCT_USER_HOME
+# @ECLASS_VARIABLE: ACCT_USER_HOME
# @DESCRIPTION:
# The home directory for the user. If not specified, /dev/null is used.
# The directory will be created with appropriate permissions if it does
@@ -109,7 +112,7 @@ readonly ACCT_USER_NAME
# ACCT_USER__HOME variable.
: ${ACCT_USER_HOME:=/dev/null}
-# @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
+# @ECLASS_VARIABLE: ACCT_USER_HOME_OWNER
# @DEFAULT_UNSET
# @DESCRIPTION:
# The ownership to use for the home directory, in chown ([user][:group])
@@ -117,14 +120,14 @@ readonly ACCT_USER_NAME
# This can be overriden in make.conf through
# ACCT_USER__HOME_OWNER variable.
-# @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
+# @ECLASS_VARIABLE: ACCT_USER_HOME_PERMS
# @DESCRIPTION:
# The permissions to use for the home directory, in chmod (octal
# or verbose) form. This can be overriden in make.conf through
# ACCT_USER__HOME_PERMS variable.
: ${ACCT_USER_HOME_PERMS:=0755}
-# @ECLASS-VARIABLE: ACCT_USER_GROUPS
+# @ECLASS_VARIABLE: ACCT_USER_GROUPS
# @REQUIRED
# @DESCRIPTION:
# List of groups the user should belong to. This must be a bash
@@ -141,7 +144,7 @@ readonly ACCT_USER_NAME
# << Boilerplate ebuild variables >>
: ${DESCRIPTION:="System user: ${ACCT_USER_NAME}"}
: ${SLOT:=0}
-: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
+: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 ~loong m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
S=${WORKDIR}
@@ -178,7 +181,7 @@ acct-user_add_deps() {
eislocked() {
[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} "
- if [[ ${EUID} != 0 ]]; then
+ if [[ ${EUID} -ne 0 || -n ${EPREFIX} ]]; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
return 0
fi
@@ -195,102 +198,19 @@ eislocked() {
*)
# NB: 'no password' and 'locked' are indistinguishable
# but we also expire the account which is more clear
- [[ $(getent shadow "$1" | cut -d: -f2) == '!'* ]] &&
- [[ $(getent shadow "$1" | cut -d: -f8) == 1 ]]
+ local shadow
+ if [[ -n "${ROOT}" ]]; then
+ shadow=$(grep "^$1:" "${ROOT}/etc/shadow")
+ else
+ shadow=$(getent shadow "$1")
+ fi
+
+ [[ $( echo ${shadow} | cut -d: -f2) == '!'* ]] &&
+ [[ $(echo ${shadow} | cut -d: -f8) == 1 ]]
;;
esac
}
-# @FUNCTION: elockuser
-# @USAGE:
-# @INTERNAL
-# @DESCRIPTION:
-# Lock the specified user account, using the available platform-specific
-# functions. This should prevent any login to the account.
-#
-# Established lock can be reverted using eunlockuser.
-#
-# This function returns 0 if locking succeeded, 2 if it is not supported
-# by the platform code or dies if it fails.
-elockuser() {
- [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} "
-
- if [[ ${EUID} != 0 ]]; then
- einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
- return 0
- fi
-
- eislocked "$1"
- [[ $? -eq 0 ]] && return 0
-
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw lock "$1" || die "Locking account $1 failed"
- pw user mod "$1" -e 1 || die "Expiring account $1 failed"
- ;;
-
- *-netbsd*)
- usermod -e 1 -C yes "$1" || die "Locking account $1 failed"
- ;;
-
- *-openbsd*)
- return 2
- ;;
-
- *)
- usermod -e 1 -L "$1" || die "Locking account $1 failed"
- ;;
- esac
-
- elog "User account $1 locked"
- return 0
-}
-
-# @FUNCTION: eunlockuser
-# @USAGE:
-# @INTERNAL
-# @DESCRIPTION:
-# Unlock the specified user account, using the available platform-
-# specific functions.
-#
-# This function returns 0 if unlocking succeeded, 1 if it is not
-# supported by the platform code or dies if it fails.
-eunlockuser() {
- [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} "
-
- if [[ ${EUID} != 0 ]]; then
- einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
- return 0
- fi
-
- eislocked "$1"
- [[ $? -eq 1 ]] && return 0
-
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw user mod "$1" -e 0 || die "Unexpiring account $1 failed"
- pw unlock "$1" || die "Unlocking account $1 failed"
- ;;
-
- *-netbsd*)
- usermod -e 0 -C no "$1" || die "Unlocking account $1 failed"
- ;;
-
- *-openbsd*)
- return 1
- ;;
-
- *)
- # silence warning if account does not have a password
- usermod -e "" -U "$1" 2>/dev/null || die "Unlocking account $1 failed"
- ;;
- esac
-
- ewarn "User account $1 unlocked after reinstating."
- return 0
-}
-
-
# << Phase functions >>
EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
pkg_prerm
@@ -350,6 +270,9 @@ acct-user_pkg_pretend() {
acct-user_src_install() {
debug-print-function ${FUNCNAME} "${@}"
+ # Replace reserved characters in comment
+ : ${ACCT_USER_COMMENT:=${DESCRIPTION//[:,=]/;}}
+
# serialize for override support
local ACCT_USER_GROUPS=${ACCT_USER_GROUPS[*]}
@@ -357,7 +280,7 @@ acct-user_src_install() {
local override_name=${ACCT_USER_NAME^^}
override_name=${override_name//-/_}
local var
- for var in ACCT_USER_{ID,SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do
+ for var in ACCT_USER_{ID,COMMENT,SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do
local var_name=ACCT_USER_${override_name}_${var#ACCT_USER_}
if [[ -n ${!var_name} ]]; then
ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
@@ -372,6 +295,10 @@ acct-user_src_install() {
_ACCT_USER_GROUPS+=" ${!var_name}"
fi
+ if [[ -n ${_ACCT_USER_COMMENT//[^:,=]} ]]; then
+ die "Invalid characters in user comment: '${_ACCT_USER_COMMENT//[^:,=]}'"
+ fi
+
# deserialize into an array
local groups=( ${_ACCT_USER_GROUPS} )
@@ -386,7 +313,7 @@ acct-user_src_install() {
printf "u\t%q\t%q\t%q\t%q\t%q\n" \
"${ACCT_USER_NAME}" \
"${_ACCT_USER_ID/#-*/-}:${groups[0]}" \
- "${DESCRIPTION//[:,=]/;}" \
+ "${_ACCT_USER_COMMENT}" \
"${_ACCT_USER_HOME}" \
"${_ACCT_USER_SHELL/#-*/-}"
if [[ ${#groups[@]} -gt 1 ]]; then
@@ -403,22 +330,54 @@ acct-user_src_install() {
acct-user_pkg_preinst() {
debug-print-function ${FUNCNAME} "${@}"
- # check if user already exists
- _ACCT_USER_ALREADY_EXISTS=
- if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
- _ACCT_USER_ALREADY_EXISTS=1
- fi
- readonly _ACCT_USER_ALREADY_EXISTS
+ unset _ACCT_USER_ADDED
- enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
- "${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
- "${_ACCT_USER_GROUPS// /,}"
+ if [[ ${EUID} -ne 0 || -n ${EPREFIX} ]]; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return
+ fi
+
+ if egetent passwd "${ACCT_USER_NAME}" >/dev/null; then
+ elog "User ${ACCT_USER_NAME} already exists"
+ else
+ local groups=( ${_ACCT_USER_GROUPS} )
+ local aux_groups=${groups[*]:1}
+ local opts=(
+ --system
+ --no-create-home
+ --no-user-group
+ --comment "${_ACCT_USER_COMMENT}"
+ --home-dir "${_ACCT_USER_HOME}"
+ --shell "${_ACCT_USER_SHELL}"
+ --gid "${groups[0]}"
+ --groups "${aux_groups// /,}"
+ )
+
+ if [[ ${_ACCT_USER_ID} -ne -1 ]] &&
+ ! egetent passwd "${_ACCT_USER_ID}" >/dev/null
+ then
+ opts+=( --uid "${_ACCT_USER_ID}" )
+ fi
+
+ if [[ -n ${ROOT} ]]; then
+ opts+=( --prefix "${ROOT}" )
+ fi
+
+ elog "Adding user ${ACCT_USER_NAME}"
+ useradd "${opts[@]}" "${ACCT_USER_NAME}" || die
+ _ACCT_USER_ADDED=1
+ fi
if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
# default ownership to user:group
if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then
- local group_array=( ${_ACCT_USER_GROUPS} )
- _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]}
+ if [[ -n ${ROOT} ]]; then
+ local euid=$(egetent passwd ${ACCT_USER_NAME} | cut -d: -f3)
+ local egid=$(egetent passwd ${ACCT_USER_NAME} | cut -d: -f4)
+ _ACCT_USER_HOME_OWNER=${euid}:${egid}
+ else
+ _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${groups[0]}
+ fi
fi
# Path might be missing due to INSTALL_MASK, etc.
# https://bugs.gentoo.org/691478
@@ -440,26 +399,48 @@ acct-user_pkg_preinst() {
acct-user_pkg_postinst() {
debug-print-function ${FUNCNAME} "${@}"
- if [[ ${EUID} != 0 ]]; then
- einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
- return 0
+ if [[ -n ${_ACCT_USER_ADDED} ]]; then
+ # We just added the user; no need to update it
+ return
fi
- if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; then
- eunlockuser "${ACCT_USER_NAME}"
+ if [[ ${EUID} -ne 0 || -n ${EPREFIX} ]]; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return
+ fi
+ if [[ -n ${ACCT_USER_NO_MODIFY} ]]; then
ewarn "User ${ACCT_USER_NAME} already exists; Not touching existing user"
ewarn "due to set ACCT_USER_NO_MODIFY."
- return 0
+ return
fi
- # NB: eset* functions check current value
- esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
- esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"
- esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}"
- # comment field can not contain colons
- esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
- eunlockuser "${ACCT_USER_NAME}"
+ local groups=( ${_ACCT_USER_GROUPS} )
+ local aux_groups=${groups[*]:1}
+ local opts=(
+ --comment "${_ACCT_USER_COMMENT}"
+ --home "${_ACCT_USER_HOME}"
+ --shell "${_ACCT_USER_SHELL}"
+ --gid "${groups[0]}"
+ --groups "${aux_groups// /,}"
+ )
+
+ if eislocked "${ACCT_USER_NAME}"; then
+ opts+=( --expiredate "" --unlock )
+ fi
+
+ if [[ -n ${ROOT} ]]; then
+ opts+=( --prefix "${ROOT}" )
+ fi
+
+ elog "Updating user ${ACCT_USER_NAME}"
+ if ! usermod "${opts[@]}" "${ACCT_USER_NAME}" 2>"${T}/usermod-error.log"; then
+ # usermod outputs a warning if unlocking the account would result in an
+ # empty password. Hide stderr in a text file and display it if usermod
+ # fails.
+ cat "${T}/usermod-error.log" >&2
+ die "usermod failed"
+ fi
}
# @FUNCTION: acct-user_pkg_prerm
@@ -468,23 +449,44 @@ acct-user_pkg_postinst() {
acct-user_pkg_prerm() {
debug-print-function ${FUNCNAME} "${@}"
- if [[ ${EUID} != 0 ]]; then
+ if [[ -n ${REPLACED_BY_VERSION} ]]; then
+ return
+ fi
+
+ if [[ ${EUID} -ne 0 || -n ${EPREFIX} ]]; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
- return 0
+ return
fi
- if [[ -z ${REPLACED_BY_VERSION} ]]; then
- if [[ -z $(egetent passwd "${ACCT_USER_NAME}") ]]; then
- ewarn "User account not found: ${ACCT_USER_NAME}"
- ewarn "Locking process will be skipped."
- return
- fi
-
- esetshell "${ACCT_USER_NAME}" -1
- esetcomment "${ACCT_USER_NAME}" \
- "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
- elockuser "${ACCT_USER_NAME}"
+ if [[ ${ACCT_USER_ID} -eq 0 ]]; then
+ elog "Refusing to lock out the superuser (UID 0)"
+ return
fi
+
+ if [[ -n ${ACCT_USER_NO_MODIFY} ]]; then
+ elog "Not locking user ${ACCT_USER_NAME} due to ACCT_USER_NO_MODIFY"
+ return
+ fi
+
+ if ! egetent passwd "${ACCT_USER_NAME}" >/dev/null; then
+ ewarn "User account not found: ${ACCT_USER_NAME}"
+ ewarn "Locking process will be skipped."
+ return
+ fi
+
+ local opts=(
+ --expiredate 1
+ --lock
+ --comment "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
+ --shell /sbin/nologin
+ )
+
+ if [[ -n ${ROOT} ]]; then
+ opts+=( --prefix "${ROOT}" )
+ fi
+
+ elog "Locking user ${ACCT_USER_NAME}"
+ usermod "${opts[@]}" "${ACCT_USER_NAME}" || die
}
fi
diff --git a/sdk_container/src/third_party/portage-stable/eclass/user-info.eclass b/sdk_container/src/third_party/portage-stable/eclass/user-info.eclass
index 3838585ab6..b18f280c10 100644
--- a/sdk_container/src/third_party/portage-stable/eclass/user-info.eclass
+++ b/sdk_container/src/third_party/portage-stable/eclass/user-info.eclass
@@ -5,11 +5,11 @@
# @MAINTAINER:
# base-system@gentoo.org (Linux)
# Michał Górny (NetBSD)
-# @SUPPORTED_EAPIS: 6 7 8
+# @SUPPORTED_EAPIS: 7 8
# @BLURB: Read-only access to user and group information
case ${EAPI} in
- 6|7|8) ;;
+ 7|8) ;;
*) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
esac
@@ -23,6 +23,7 @@ _USER_INFO_ECLASS=1
# dscl (Mac OS X 10.5), and pw (FreeBSD) used in enewuser()/enewgroup().
#
# Supported databases: group passwd
+# Warning: This function can be used only in pkg_* phases when ROOT is valid.
egetent() {
local db=$1 key=$2
@@ -43,18 +44,31 @@ egetent() {
# lookup by uid/gid
local opts
if [[ ${key} == [[:digit:]]* ]] ; then
- [[ ${db} == "user" ]] && opts="-u" || opts="-g"
+ [[ ${db} == "user" ]] && opts=( -u ) || opts=( -g )
fi
+ # Handle different ROOT
+ [[ -n ${ROOT} ]] && opts+=( -R "${ROOT}" )
+
pw show ${db} ${opts} "${key}" -q
;;
*-openbsd*)
- grep "${key}:\*:" /etc/${db}
+ grep "${key}:\*:" "${EROOT}/etc/${db}"
;;
*)
- # ignore nscd output if we're not running as root
- type -p nscd >/dev/null && nscd -i "${db}" 2>/dev/null
- getent "${db}" "${key}"
+ # getent does not support -R option, if we are working on a different
+ # ROOT than /, fallback to grep technique.
+ if [[ -z ${ROOT} ]]; then
+ # ignore nscd output if we're not running as root
+ type -p nscd >/dev/null && nscd -i "${db}" 2>/dev/null
+ getent "${db}" "${key}"
+ else
+ if [[ ${key} =~ ^[[:digit:]]+$ ]]; then
+ grep -E "^([^:]*:){2}${key}" "${ROOT}/etc/${db}"
+ else
+ grep "^${key}:" "${ROOT}/etc/${db}"
+ fi
+ fi
;;
esac
}
@@ -151,7 +165,16 @@ egetgroups() {
[[ $# -eq 1 ]] || die "usage: egetgroups "
local egroups_arr
- read -r -a egroups_arr < <(id -G -n "$1")
+ if [[ -n "${ROOT}" ]]; then
+ local pgroup=$(egetent passwd "$1" | cut -d: -f1)
+ local sgroups=( $(grep -E ":([^:]*,)?$1(,[^:]*)?$" "${ROOT}/etc/group" | cut -d: -f1) )
+
+ # Remove primary group from list
+ sgroups=${sgroups#${pgroup}}
+ egroups_arr=( ${pgroup} ${sgroups[@]} )
+ else
+ read -r -a egroups_arr < <(id -G -n "$1")
+ fi
local g groups=${egroups_arr[0]}
# sort supplementary groups to make comparison possible
diff --git a/sdk_container/src/third_party/portage-stable/eclass/user.eclass b/sdk_container/src/third_party/portage-stable/eclass/user.eclass
deleted file mode 100644
index 581704eae8..0000000000
--- a/sdk_container/src/third_party/portage-stable/eclass/user.eclass
+++ /dev/null
@@ -1,590 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# @ECLASS: user.eclass
-# @MAINTAINER:
-# base-system@gentoo.org (Linux)
-# Michał Górny (NetBSD)
-# @SUPPORTED_EAPIS: 6 7 8
-# @BLURB: user management in ebuilds
-# @DEPRECATED: acct-user/acct-group packages
-# @DESCRIPTION:
-# The user eclass contains a suite of functions that allow ebuilds
-# to quickly make sure users in the installed system are sane.
-
-case ${EAPI} in
- 6|7) ;;
- 8)
- if [[ ${CATEGORY} != acct-* ]]; then
- eerror "In EAPI ${EAPI}, packages must not inherit user.eclass"
- eerror "unless they are in the acct-user or acct-group category."
- eerror "Migrate your package to GLEP 81 user/group management,"
- eerror "or inherit user-info if you need only the query functions."
- die "Invalid \"inherit user\" in EAPI ${EAPI}"
- fi
- ;;
- *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
-esac
-
-if [[ -z ${_USER_ECLASS} ]]; then
-_USER_ECLASS=1
-
-inherit user-info
-
-# @FUNCTION: _assert_pkg_ebuild_phase
-# @INTERNAL
-# @USAGE:
-# @DESCRIPTION:
-# Raises an alert if the phase is not suitable for user.eclass usage.
-_assert_pkg_ebuild_phase() {
- case ${EBUILD_PHASE} in
- setup|preinst|postinst|prerm|postrm) ;;
- *)
- eerror "'$1()' called from '${EBUILD_PHASE}' phase which is not OK:"
- eerror "You may only call from pkg_{setup,{pre,post}{inst,rm}} functions."
- eerror "Package has serious QA issues. Please file a bug."
- die "Bad package! ${1} is only for use in some pkg_* functions!"
- esac
-}
-
-# @FUNCTION: user_get_nologin
-# @INTERNAL
-# @DESCRIPTION:
-# Find an appropriate 'nologin' shell for the platform, and output
-# its path.
-user_get_nologin() {
- local eshell
-
- for eshell in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false /dev/null ; do
- [[ -x ${ROOT}${eshell} ]] && break
- done
-
- if [[ ${eshell} == "/dev/null" ]] ; then
- ewarn "Unable to identify the shell to use, proceeding with userland default."
- case ${USERLAND} in
- GNU) eshell="/bin/false" ;;
- BSD) eshell="/sbin/nologin" ;;
- Darwin) eshell="/usr/sbin/nologin" ;;
- *) die "Unable to identify the default shell for userland ${USERLAND}"
- esac
- fi
-
- echo "${eshell}"
-}
-
-# @FUNCTION: enewuser
-# @USAGE: [-F] [-M] [uid] [shell] [homedir] [groups]
-# @DESCRIPTION:
-# Same as enewgroup, you are not required to understand how to properly add
-# a user to the system. The only required parameter is the username.
-# Default uid is (pass -1 for this) next available, default shell is
-# /bin/false, default homedir is /dev/null, and there are no default groups.
-#
-# If -F is passed, enewuser will always enforce specified UID and fail if it
-# can not be assigned.
-# If -M is passed, enewuser does not create the home directory if it does not
-# exist.
-enewuser() {
- if [[ ${EUID} != 0 ]] ; then
- ewarn "Insufficient privileges to execute ${FUNCNAME[0]}"
- return 0
- fi
- _assert_pkg_ebuild_phase ${FUNCNAME}
-
- local create_home=1 force_uid=
- while [[ ${1} == -* ]]; do
- case ${1} in
- -F) force_uid=1;;
- -M) create_home=;;
- *) die "${FUNCNAME}: invalid option ${1}";;
- esac
- shift
- done
-
- # get the username
- local euser=${1}; shift
- if [[ -z ${euser} ]] ; then
- eerror "No username specified!"
- die "Cannot call enewuser without a username"
- fi
-
- # lets see if the username already exists
- if [[ -n $(egetent passwd "${euser}") ]] ; then
- return 0
- fi
- elog "Adding user '${euser}' to your system ..."
-
- # options to pass to useradd
- local opts=()
-
- # handle uid
- local euid=${1}; shift
- if [[ -n ${euid} && ${euid} != -1 ]] ; then
- if [[ ${euid} -gt 0 ]] ; then
- if [[ -n $(egetent passwd ${euid}) ]] ; then
- [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
- euid="next"
- fi
- else
- eerror "Userid given but is not greater than 0!"
- die "${euid} is not a valid UID"
- fi
- else
- [[ -n ${force_uid} ]] && die "${FUNCNAME}: -F with uid==-1 makes no sense"
- euid="next"
- fi
- if [[ ${euid} == "next" ]] ; then
- for ((euid = 999; euid >= 101; euid--)); do
- [[ -z $(egetent passwd ${euid}) ]] && break
- done
- [[ ${euid} -ge 101 ]] || die "${FUNCNAME}: no free UID found"
- fi
- opts+=( -u ${euid} )
- elog " - Userid: ${euid}"
-
- # handle shell
- local eshell=${1}; shift
- if [[ ! -z ${eshell} ]] && [[ ${eshell} != "-1" ]] ; then
- if [[ ! -e ${ROOT}${eshell} ]] ; then
- eerror "A shell was specified but it does not exist!"
- die "${eshell} does not exist in ${ROOT}"
- fi
- if [[ ${eshell} == */false || ${eshell} == */nologin ]] ; then
- eerror "Do not specify ${eshell} yourself, use -1"
- die "Pass '-1' as the shell parameter"
- fi
- else
- eshell=$(user_get_nologin)
- fi
- elog " - Shell: ${eshell}"
- opts+=( -s "${eshell}" )
-
- # handle homedir
- local ehome=${1}; shift
- if [[ -z ${ehome} ]] || [[ ${ehome} == "-1" ]] ; then
- ehome="/dev/null"
- fi
- elog " - Home: ${ehome}"
- opts+=( -d "${ehome}" )
-
- # handle groups
- local egroups=${1}; shift
- local g egroups_arr
- IFS="," read -r -a egroups_arr <<<"${egroups}"
- if [[ ${#egroups_arr[@]} -gt 0 ]] ; then
- local defgroup exgroups
- for g in "${egroups_arr[@]}" ; do
- if [[ -z $(egetent group "${g}") ]] ; then
- eerror "You must add group ${g} to the system first"
- die "${g} is not a valid GID"
- fi
- if [[ -z ${defgroup} ]] ; then
- defgroup=${g}
- else
- exgroups+=",${g}"
- fi
- done
- opts+=( -g "${defgroup}" )
- if [[ ! -z ${exgroups} ]] ; then
- opts+=( -G "${exgroups:1}" )
- fi
- fi
- elog " - Groups: ${egroups:-(none)}"
-
- # handle extra args
- if [[ $# -gt 0 ]] ; then
- die "extra arguments no longer supported; please file a bug"
- else
- local comment="added by portage for ${PN}"
- opts+=( -c "${comment}" )
- elog " - GECOS: ${comment}"
- fi
-
- # add the user
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw useradd "${euser}" "${opts[@]}" || die
- ;;
-
- *-netbsd*)
- useradd "${opts[@]}" "${euser}" || die
- ;;
-
- *-openbsd*)
- # all ops the same, except the -g vs -g/-G ...
- useradd -u ${euid} -s "${eshell}" \
- -d "${ehome}" -g "${egroups}" "${euser}" || die
- ;;
-
- *)
- useradd -M -N -r "${opts[@]}" "${euser}" || die
- ;;
- esac
-
- if [[ -n ${create_home} && ! -e ${ROOT}/${ehome} ]] ; then
- elog " - Creating ${ehome} in ${ROOT}"
- mkdir -p "${ROOT}/${ehome}"
- chown "${euser}" "${ROOT}/${ehome}"
- chmod 755 "${ROOT}/${ehome}"
- fi
-}
-
-# @FUNCTION: enewgroup
-# @USAGE: [gid]
-# @DESCRIPTION:
-# This function does not require you to understand how to properly add a
-# group to the system. Just give it a group name to add and enewgroup will
-# do the rest. You may specify the gid for the group or allow the group to
-# allocate the next available one.
-#
-# If -F is passed, enewgroup will always enforce specified GID and fail if it
-# can not be assigned.
-enewgroup() {
- if [[ ${EUID} != 0 ]] ; then
- ewarn "Insufficient privileges to execute ${FUNCNAME[0]}"
- return 0
- fi
- _assert_pkg_ebuild_phase ${FUNCNAME}
-
- local force_gid=
- while [[ ${1} == -* ]]; do
- case ${1} in
- -F) force_gid=1;;
- *) die "${FUNCNAME}: invalid option ${1}";;
- esac
- shift
- done
-
- # get the group
- local egroup=${1}; shift
- if [[ -z ${egroup} ]] ; then
- eerror "No group specified!"
- die "Cannot call enewgroup without a group"
- fi
-
- # see if group already exists
- if [[ -n $(egetent group "${egroup}") ]] ; then
- return 0
- fi
- elog "Adding group '${egroup}' to your system ..."
-
- # handle gid
- local egid=${1}; shift
- if [[ -n ${egid} && ${egid} != -1 ]] ; then
- if [[ ${egid} -gt 0 ]] ; then
- if [[ -n $(egetent group ${egid}) ]] ; then
- [[ -n ${force_gid} ]] && die "${FUNCNAME}: GID ${egid} already taken"
- egid="next available; requested gid taken"
- fi
- else
- eerror "Groupid given but is not greater than 0!"
- die "${egid} is not a valid GID"
- fi
- else
- [[ -n ${force_gid} ]] && die "${FUNCNAME}: -F with gid==-1 makes no sense"
- egid="next available"
- fi
- elog " - Groupid: ${egid}"
-
- # handle extra
- if [[ $# -gt 0 ]] ; then
- die "extra arguments no longer supported; please file a bug"
- fi
-
- # Some targets need to find the next available GID manually
- _enewgroup_next_gid() {
- if [[ ${egid} == *[!0-9]* ]] ; then
- # Non numeric
- for ((egid = 999; egid >= 101; egid--)) ; do
- [[ -z $(egetent group ${egid}) ]] && break
- done
- [[ ${egid} -ge 101 ]] || die "${FUNCNAME}: no free GID found"
- fi
- }
-
- # add the group
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- _enewgroup_next_gid
- pw groupadd "${egroup}" -g ${egid} || die
- ;;
-
- *-netbsd*)
- _enewgroup_next_gid
- groupadd -g ${egid} "${egroup}" || die
- ;;
-
- *)
- local opts
- if [[ ${egid} == *[!0-9]* ]] ; then
- # Non numeric; let groupadd figure out a GID for us
- opts=""
- else
- opts="-g ${egid}"
- fi
- # We specify -r so that we get a GID in the system range from login.defs
- groupadd -r ${opts} "${egroup}" || die
- ;;
- esac
-}
-
-# @FUNCTION: esethome
-# @USAGE:
-# @DESCRIPTION:
-# Update the home directory in a platform-agnostic way.
-# Required parameters is the username and the new home directory.
-# Specify -1 if you want to set home to the enewuser default
-# of /dev/null.
-# If the new home directory does not exist, it is created.
-# Any previously existing home directory is NOT moved.
-esethome() {
- _assert_pkg_ebuild_phase ${FUNCNAME}
-
- # get the username
- local euser=${1}; shift
- if [[ -z ${euser} ]] ; then
- eerror "No username specified!"
- die "Cannot call esethome without a username"
- fi
-
- # lets see if the username already exists
- if [[ -z $(egetent passwd "${euser}") ]] ; then
- ewarn "User does not exist, cannot set home dir -- skipping."
- return 1
- fi
-
- # handle homedir
- local ehome=${1}; shift
- if [[ -z ${ehome} ]] ; then
- eerror "No home directory specified!"
- die "Cannot call esethome without a home directory or '-1'"
- fi
-
- if [[ ${ehome} == "-1" ]] ; then
- ehome="/dev/null"
- fi
-
- # exit with no message if home dir is up to date
- if [[ $(egethome "${euser}") == ${ehome} ]]; then
- return 0
- fi
-
- elog "Updating home for user '${euser}' ..."
- elog " - Home: ${ehome}"
-
- # ensure home directory exists, otherwise update will fail
- if [[ ! -e ${ROOT}/${ehome} ]] ; then
- elog " - Creating ${ehome} in ${ROOT}"
- mkdir -p "${ROOT}/${ehome}"
- chown "${euser}" "${ROOT}/${ehome}"
- chmod 755 "${ROOT}/${ehome}"
- fi
-
- # update the home directory
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw usermod "${euser}" -d "${ehome}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
- eerror "There was an error when attempting to update the home directory for ${euser}"
- eerror "Please update it manually on your system:"
- eerror "\t pw usermod \"${euser}\" -d \"${ehome}\""
- ;;
-
- *)
- usermod -d "${ehome}" "${euser}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
- eerror "There was an error when attempting to update the home directory for ${euser}"
- eerror "Please update it manually on your system (as root):"
- eerror "\t usermod -d \"${ehome}\" \"${euser}\""
- ;;
- esac
-}
-
-# @FUNCTION: esetshell
-# @USAGE:
-# @DESCRIPTION:
-# Update the shell in a platform-agnostic way.
-# Required parameters is the username and the new shell.
-# Specify -1 if you want to set shell to platform-specific nologin.
-esetshell() {
- _assert_pkg_ebuild_phase ${FUNCNAME}
-
- # get the username
- local euser=${1}; shift
- if [[ -z ${euser} ]] ; then
- eerror "No username specified!"
- die "Cannot call esetshell without a username"
- fi
-
- # lets see if the username already exists
- if [[ -z $(egetent passwd "${euser}") ]] ; then
- ewarn "User does not exist, cannot set shell -- skipping."
- return 1
- fi
-
- # handle shell
- local eshell=${1}; shift
- if [[ -z ${eshell} ]] ; then
- eerror "No shell specified!"
- die "Cannot call esetshell without a shell or '-1'"
- fi
-
- if [[ ${eshell} == "-1" ]] ; then
- eshell=$(user_get_nologin)
- fi
-
- # exit with no message if shell is up to date
- if [[ $(egetshell "${euser}") == ${eshell} ]]; then
- return 0
- fi
-
- elog "Updating shell for user '${euser}' ..."
- elog " - Shell: ${eshell}"
-
- # update the shell
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw usermod "${euser}" -s "${eshell}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
- eerror "There was an error when attempting to update the shell for ${euser}"
- eerror "Please update it manually on your system:"
- eerror "\t pw usermod \"${euser}\" -s \"${eshell}\""
- ;;
-
- *)
- usermod -s "${eshell}" "${euser}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
- eerror "There was an error when attempting to update the shell for ${euser}"
- eerror "Please update it manually on your system (as root):"
- eerror "\t usermod -s \"${eshell}\" \"${euser}\""
- ;;
- esac
-}
-
-# @FUNCTION: esetcomment
-# @USAGE:
-# @DESCRIPTION:
-# Update the comment field in a platform-agnostic way.
-# Required parameters is the username and the new comment.
-esetcomment() {
- _assert_pkg_ebuild_phase ${FUNCNAME}
-
- # get the username
- local euser=${1}; shift
- if [[ -z ${euser} ]] ; then
- eerror "No username specified!"
- die "Cannot call esetcomment without a username"
- fi
-
- # lets see if the username already exists
- if [[ -z $(egetent passwd "${euser}") ]] ; then
- ewarn "User does not exist, cannot set comment -- skipping."
- return 1
- fi
-
- # handle comment
- local ecomment=${1}; shift
- if [[ -z ${ecomment} ]] ; then
- eerror "No comment specified!"
- die "Cannot call esetcomment without a comment"
- fi
-
- # exit with no message if comment is up to date
- if [[ $(egetcomment "${euser}") == ${ecomment} ]]; then
- return 0
- fi
-
- elog "Updating comment for user '${euser}' ..."
- elog " - Comment: ${ecomment}"
-
- # update the comment
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw usermod "${euser}" -c "${ecomment}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
- eerror "There was an error when attempting to update the comment for ${euser}"
- eerror "Please update it manually on your system:"
- eerror "\t pw usermod \"${euser}\" -c \"${ecomment}\""
- ;;
-
- *)
- usermod -c "${ecomment}" "${euser}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
- eerror "There was an error when attempting to update the comment for ${euser}"
- eerror "Please update it manually on your system (as root):"
- eerror "\t usermod -c \"${ecomment}\" \"${euser}\""
- ;;
- esac
-}
-
-# @FUNCTION: esetgroups
-# @USAGE:
-# @DESCRIPTION:
-# Update the group field in a platform-agnostic way.
-# Required parameters is the username and the new list of groups,
-# primary group first.
-esetgroups() {
- _assert_pkg_ebuild_phase ${FUNCNAME}
-
- [[ ${#} -eq 2 ]] || die "Usage: ${FUNCNAME} "
-
- # get the username
- local euser=${1}; shift
-
- # lets see if the username already exists
- if [[ -z $(egetent passwd "${euser}") ]] ; then
- ewarn "User does not exist, cannot set group -- skipping."
- return 1
- fi
-
- # handle group
- local egroups=${1}; shift
-
- local g egroups_arr=()
- IFS="," read -r -a egroups_arr <<<"${egroups}"
- [[ ${#egroups_arr[@]} -gt 0 ]] || die "${FUNCNAME}: no groups specified"
-
- for g in "${egroups_arr[@]}" ; do
- if [[ -z $(egetent group "${g}") ]] ; then
- eerror "You must add group ${g} to the system first"
- die "${g} is not a valid GID"
- fi
- done
-
- local defgroup=${egroups_arr[0]} exgroups_arr=()
- # sort supplementary groups to make comparison possible
- readarray -t exgroups_arr < <(printf '%s\n' "${egroups_arr[@]:1}" | sort)
- local exgroups=${exgroups_arr[*]}
- exgroups=${exgroups// /,}
- egroups=${defgroup}${exgroups:+,${exgroups}}
-
- # exit with no message if group membership is up to date
- if [[ $(egetgroups "${euser}") == ${egroups} ]]; then
- return 0
- fi
-
- local opts=( -g "${defgroup}" -G "${exgroups}" )
- elog "Updating groups for user '${euser}' ..."
- elog " - Groups: ${egroups}"
-
- # update the group
- case ${CHOST} in
- *-freebsd*|*-dragonfly*)
- pw usermod "${euser}" "${opts[@]}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update groups"
- eerror "There was an error when attempting to update the groups for ${euser}"
- eerror "Please update it manually on your system:"
- eerror "\t pw usermod \"${euser}\" ${opts[*]}"
- ;;
-
- *)
- usermod "${opts[@]}" "${euser}" && return 0
- [[ $? == 8 ]] && eerror "${euser} is in use, cannot update groups"
- eerror "There was an error when attempting to update the groups for ${euser}"
- eerror "Please update it manually on your system (as root):"
- eerror "\t usermod ${opts[*]} \"${euser}\""
- ;;
- esac
-}
-
-fi