mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-22 22:21:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

build_library: move package sysusers to /usr database

Browse Source 
Package users nowadays get created through systemd-sysuser files.
Gentoo uses the acct-user|groups packages to allocate stable IDs for
these users. Since they get created at runtime, we have the problem
that they end up in /etc/passwd at boot time which would be fine if
they follow the acct-user allocations but it could also be that there
is a package that uses its own sysuser files, leading to dynamic ID
allocation which we can't control and may result in ugly user ID
mismatches that are hard to resolve again. Normally we intend to ship
all system users under /usr/share/baselayout/passwd so that /etc/passwd
is really left to the user's own entries.
Generate the /etc/passwd sysuser entries at image build time and move
these entries over to /usr/share/baselayout/passwd so that all
system users reside in this database. We should still ensure to have
acct-user packages for all system users or at least hardcoded user
IDs, therefore, add a check for that.
This commit is contained in:
Kai Lueke 2022-02-16 18:26:04 +01:00
parent 221351927e
commit cc509e77d3
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
build_library/build_image_util.sh
View File

@ -607,6 +607,24 @@ finish_image() {
"${root_fs_dir}/boot/flatcar/vmlinuz-a" "${root_fs_dir}/boot/flatcar/vmlinuz-a"
sudo rm "${root_fs_dir}/usr/boot/vmlinuz"* sudo rm "${root_fs_dir}/usr/boot/vmlinuz"*
# Forbid dynamic user ID allocation because we want stable IDs
local found=""
# We want to forbid "-", "X:-" (.*:-), "-:X" (-:.*), "/X" (/.*)
found=$({ grep '^[ug]' "${root_fs_dir}"/usr/lib/sysusers.d/*.conf || true ; } | awk '{print $3}' | { grep -x -- "-\|.*:-\|-:.*\|/.*" || true ; })
if [ "${found}" != "" ]; then
die "Found dynamic ID allocation instead of hardcoded ID in /usr/lib/sysusers.d/*.conf (third column must not use '-', 'X:-', '-:X', or '/path')"
fi
# Run systemd-sysusers once to create users in /etc/passwd so that
# we can move them to /usr (relying on nss-altfiles to provide them
# at runtime, but we could use systemd's userdb, too).
sudo systemd-sysusers --root="${root_fs_dir}"
for databasefile in passwd group shadow gshadow; do
newentries=$(comm -23 <(sudo cut -d ":" -f 1 "${root_fs_dir}/etc/${databasefile}" | sort) <(sudo cut -d ":" -f 1 "${root_fs_dir}/usr/share/baselayout/${databasefile}" | sort))
for newentry in ${newentries}; do
sudo grep "^${newentry}:" "${root_fs_dir}/etc/${databasefile}" | sudo tee -a "${root_fs_dir}/usr/share/baselayout/${databasefile}"
done
sudo rm -f "${root_fs_dir}/etc/${databasefile}" "${root_fs_dir}/etc/${databasefile}-"
done
# Record directories installed to the state partition. # Record directories installed to the state partition.
# Explicitly ignore entries covered by existing configs. # Explicitly ignore entries covered by existing configs.
local tmp_ignore=$(awk '/^[dDfFL]/ {print "--ignore=" $2}' \ local tmp_ignore=$(awk '/^[dDfFL]/ {print "--ignore=" $2}' \