From 6c2f9a9ffb29b6ade8eb8d0ea415cd939b283de1 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Sat, 24 Aug 2013 23:34:15 -0400 Subject: [PATCH] fix(make_chroot): Improve chroot user creation. If the user already exists check that the UID and GID are correct and modify it (setting shell and home directory) to match what the SDK expects. This avoids needlessly failing if the user calling cros_sdk is the 'core' user on a CoreOS machine. Change new-user creation to copy the user's full name and group instead of using a generic name and Google's 'eng' group. Also remove the default password for the account, it isn't needed and uses perl. --- sdk_lib/make_chroot.sh | 47 +++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/sdk_lib/make_chroot.sh b/sdk_lib/make_chroot.sh index 716813db19..2537ed9821 100755 --- a/sdk_lib/make_chroot.sh +++ b/sdk_lib/make_chroot.sh @@ -71,10 +71,7 @@ switch_to_strict_mode . "${SCRIPT_ROOT}"/sdk_lib/make_conf_util.sh -FULLNAME="ChromeOS Developer" -DEFGROUPS="eng,adm,cdrom,floppy,audio,video,portage" -PASSWORD=chronos -CRYPTED_PASSWD=$(perl -e 'print crypt($ARGV[0], "foo")', $PASSWORD) +DEFGROUPS="adm,cdrom,floppy,audio,video,portage" USEPKG="" if [[ $FLAGS_usepkg -eq $FLAGS_TRUE ]]; then @@ -139,19 +136,35 @@ delete_existing() { } init_users () { - info "Adding user/group..." - # Add ourselves as a user inside the chroot. - bare_chroot groupadd -g 5000 eng - # We need the UID to match the host user's. This can conflict with - # a particular chroot UID. At the same time, the added user has to - # be a primary user for the given UID for sudo to work, which is - # determined by the order in /etc/passwd. Let's put ourselves on top - # of the file. - bare_chroot useradd -o -G ${DEFGROUPS} -g eng -u ${SUDO_UID} -s \ - /bin/bash -m -c "${FULLNAME}" -p ${CRYPTED_PASSWD} ${SUDO_USER} - # Because passwd generally isn't sorted and the entry ended up at the - # bottom, it is safe to just take it and move it to top instead. - sed -e '1{h;d};$!{H;d};$G' -i "${FLAGS_chroot}/etc/passwd" + if grep -q "^${SUDO_USER}:[^:]*:${SUDO_UID}:${SUDO_GID}:" \ + "${FLAGS_chroot}/etc/passwd"; then + info "Updating ${SUDO_USER} (already exists in chroot)..." + bare_chroot usermod -a -G "${DEFGROUPS}" \ + -s /bin/bash -m -d "/home/${SUDO_USER}" "${SUDO_USER}" + elif grep -q "^${SUDO_USER}:" "${FLAGS_chroot}/etc/passwd"; then + die "User ${SUDO_USER} exists in chroot with different UID/GID" + else + info "Adding user ${SUDO_USER}..." + local full_name group_name + full_name=$(getent passwd "${SUDO_USER}" | cut -d: -f5) + [[ -n "${full_name}" ]] || die "Looking up user $SUDO_USER failed." + group_name=$(getent group "${SUDO_GID}" | cut -d: -f1) + [[ -n "${group_name}" ]] || die "Looking up gid $SUDO_GID failed." + + # We need the UID to match the host user's. This can conflict with + # a particular chroot UID. At the same time, the added user has to + # be a primary user for the given UID for sudo to work, which is + # determined by the order in /etc/passwd. Let's put ourselves on top + # of the file. + bare_chroot groupadd -o -g "${SUDO_GID}" "${group_name}" + bare_chroot useradd -o \ + -G "${DEFGROUPS}" -g "${SUDO_GID}" -u "${SUDO_UID}" \ + -s /bin/bash -m -c "${full_name}" "${SUDO_USER}" + # Because passwd generally isn't sorted and the entry ended up at the + # bottom, it is safe to just take it and move it to top instead. + sed -e '1{h;d};$!{H;d};$G' -i "${FLAGS_chroot}/etc/group" + sed -e '1{h;d};$!{H;d};$G' -i "${FLAGS_chroot}/etc/passwd" + fi } init_setup () {