From patchwork Thu Mar 30 11:08:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Schaffner X-Patchwork-Id: 2751 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 30 Mar 2023 13:08:56 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f183.google.com (mail-lj1-f183.google.com [209.85.208.183]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 32UB8sx4008069 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Mar 2023 13:08:54 +0200 Received: by mail-lj1-f183.google.com with SMTP id b5-20020a2ebc05000000b00295bab7c7d0sf4131767ljf.15; Thu, 30 Mar 2023 04:08:54 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1680174529; cv=pass; d=google.com; s=arc-20160816; b=MlCdlG4rKFNI7kH/ktvz3B4sLQDpYGqb5YN5DGWvlxSHHPcdVb9XaOkRwZ7YdQPpY1 00fqvxeruUp2ZWpZnjltfy3YhLSnh+4ar9+Iqdozc5ybpCT+iaAE8q1n/i19isl0X6So 7r+6XNiQw7GIi9VgwicA/IYQw8XTMFggUqjm4uSGlqVIKt5+w3FRiSMOdzKyO3zwl8hV oEGuqalyoDTYjR1J5UmUY6GDKP5H2vX9zfVRQruws2bQVulnE0fXzfObX0zHPKSBMi/U 9bNv3XaojJIXJ+SaUZ0cKy2Sme5UPHjki7SPtCAHrAtlnza50dCtvcD5sakY4vX3tWyL CTtw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:dkim-signature; bh=MNpxwj9GeilcV5namj30NfZk+lO8zwuMS5tU6lE3cC4=; b=QHBbw07+ae4GNdWXy0dH4vUXLysm+Co/YurMv2V2YdE0eLl3Iz6WisOM1oghaY5Oye x8cYKL/0bLsOkV/BUxtFA2AiFpbDwfAonaxyMoaiDJ3h41AIp0O8WjYq+0xil07Zg8nC Eehj67u6kxVNNNjRo/PIpPwdz2v5PJC1OJ89ryKX6QFv4rmz898dWmxVsyLnTu9hYeS9 r0vY5JOorL/2g6jlkhC12e84zxlDp1DvC+EIoffde/AYxuKjD3baVDwmiHGCJU5WoHRD oxojJDpfB1+tqTpLhBu9c/0fwouQK0hNCx33yXf3f+5dJypp//d/isoXVwf4wir1zSe9 SgDQ== ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="JedbJ/kz"; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20210112; t=1680174529; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id :reply-to; bh=MNpxwj9GeilcV5namj30NfZk+lO8zwuMS5tU6lE3cC4=; b=YFjsBqAo4g2+xrZOLSX7FgbqDD38JJsFHt9iTifJvr6cSTk9tX9hTY/MevoZqJvc9J /hYpmgtvIk18g2rQcUS6l7WYm19VwQUPJnhcjHLKFZ/gdwhYoZlENar/VpVwRAhVCagK dwYYvjQWWsf5n7KbLNs9O3Ky/Oq8O3Fwzu/apo94Bc1HEC9kzWz/H87UA9LRDGUjnjor yAJxZYHAt+yyx7UAzwNgN3OJAAKJXZdjkIXuPEUVUqgAE6JYVT5DQVzYi78+OVjDC/6S kzo1miXMBwPmZY5K+EZc2kpaQjm2svYfRKYMigL6p283nZ6YJOLXjYtM9qCVcQxuMhrV 7kZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680174529; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=MNpxwj9GeilcV5namj30NfZk+lO8zwuMS5tU6lE3cC4=; b=sSqkx+8oQLQXvMkE6GmMT4oNHGyPDq9h8LzT8iYUJrPBGNtPuzekCsem42itAeCNVI L96E869UYvvIE+4ilmRBU7gRFrBMthjCnzyngwlHMOJIg4B7lGLsVaL7/nsNRGCsKzhD SblGfebHr5usnucFVeNRsKUBVjbUm0p4yBYklvVKvkBYC+ULeQz/hFciLtW8F9bLMtlx uBI2zzCGoVLkMhrhpPtL3l+wkk2ImxymtBwDQEkE8TZt5XhYME6Wn2JFlQFRbdGpS1wm 1ZVAf61Rm3Lt3sA2VsJniZw0sMIrZHWlS4h6Tpv6zQa0p2JXwldeabIDMeAhKRF2xy7f W8BA== Sender: isar-users@googlegroups.com X-Gm-Message-State: AAQBX9eF871xXeNi+Z13NOlSQp5FMP2NT/xzeVrspTH7ipwXjF8KH5pt lGdCtLx9X9O8Hx34v6MTR+w= X-Google-Smtp-Source: AKy350aWS0u6/C6WHpzfLU/RhCst/xRGN6jgvasBp28tUrBH+gnVHaCclUksr6WTThMngxPWU0CIEA== X-Received: by 2002:a2e:a0c7:0:b0:29e:e7b7:dfd1 with SMTP id f7-20020a2ea0c7000000b0029ee7b7dfd1mr6865689ljm.6.1680174529242; Thu, 30 Mar 2023 04:08:49 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:b8d2:0:b0:295:a3ad:f338 with SMTP id s18-20020a2eb8d2000000b00295a3adf338ls320024ljp.4.-pod-prod-gmail; Thu, 30 Mar 2023 04:08:47 -0700 (PDT) X-Received: by 2002:a2e:a307:0:b0:2a6:18c0:2b3c with SMTP id l7-20020a2ea307000000b002a618c02b3cmr767692lje.0.1680174527761; Thu, 30 Mar 2023 04:08:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1680174527; cv=pass; d=google.com; s=arc-20160816; b=iitS42eR7LF53UwnkhWqoa8wrSHT5KfwZmyZx6lnd0PBKmRjCARdGJR9Fs0vA3eHEn IVV0OYsp5KmDwkWyIBQ5IygEsqL0n9UdSb47nq8Al1vbaK5CnYELguXxs/sgbwkjbIEl yV5T4xEnih6Mc64mhSRLEtrY19DHcB0mRUCafRRFbttsH3f6oTdx9SuAbLhzA37H4wc+ d7ZEMGAdV2JcHBmJIp29WkP72J1NMA8y3TUtjIiDQ2mc8Dy1bb1NavqN4dQoBLQ99PwX iZwaxBcBGnIH3cZg9iCTV9yLYxYj4AQ+psHDBzNC9Goa7tKuzYtUwQPs0kLsK7HbL5cg ndFQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=uARwBRHYZPSEG0bO22HJ/M5wXDtIb0615ZI3IO33rKI=; b=M3efIjWaFEhjBcgK7Y6Vwhl+S+T7lwV6GLThKDkY69wX8D4kHoCo9Qb+1gpfAInjtG SOEjWP/4ohnCvNFryqZdl97Mv+tYjDyszZdcwhZFRzmP7DihEh4fwThKtxpuMkreuu47 Td4hJcrFeQkwiwTRGEHc0fSx5t1pwLJcHoh+a7A5MPWWCOJhJdfs9ZhSfDBlfnmDH1of m74F45vR7X28E1Xj+i35mWXZsorpMEUEpkjMJRpHkVufQ5gnt3rEPJqo5t6rplk3ve6u eK9G8Z4sUgJL07KLdejndwKl/EtkpBhc+nCumSo0lF3friFqnlpohyBH393U2XDn4vR6 QcBA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="JedbJ/kz"; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2061b.outbound.protection.outlook.com. [2a01:111:f400:7eaf::61b]) by gmr-mx.google.com with ESMTPS id y4-20020a05651c154400b002a61d615a07si41868ljp.3.2023.03.30.04.08.47 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Mar 2023 04:08:47 -0700 (PDT) Received-SPF: pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) client-ip=2a01:111:f400:7eaf::61b; ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oTR3X9UgTol3wg9GSvrgsfgy6fI3JyRNNhcNevBa0UDAPpjXrqSkIGgum4hJOIc+6oFaDwbHqpQ0W0qOKnBNQuHmLfmksLKOGF/Uoi0eza1Vgf+q6pPT125c6g297IGV9CE+Rn0ZjQ7Za2uJltMdsAWL8m8kpk68tbJl8/T+ed2zHLh59PYLCPU9T9bChBghBW212ft07UvNgbO8A45xKEtSBqegvGktPVlGEqCDzdsQiBwKI9rLBMUE4alloiB3jC43FZmgeW1nR5Khu+apJrknAgXQ9BKMFEpMBenh0m6SRRW18OGA67M5QCVVdekSngufLgEBD5WEKJnOYeekrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uARwBRHYZPSEG0bO22HJ/M5wXDtIb0615ZI3IO33rKI=; b=auvA2yeMiDLzmkoOIUrfbL1gC0QfwZJMNXE921D6TrUTeaaXuyOZur4BNe4y1cc7MPIc8YieFYJVKZPOYyljroY46DTm6HOIl1NdjMRfuHQwkI9W1T1rE766T1ZKP1YcBka+GI1vsaTPQl7hY2aqYVb217Cpw7Gu3ah1tKJBxo4yOvKLpTyPdkbilj9LYCh3tQRjRy1nBuHFG5h2yqMMFIOtTDNpSw+382tYe5kET9hwZG851hnLpRiMhr1oHUPgx12RMJqcNCW+TLI1ibEWGR3CCxd0++sKEeWc4UkrVvEIIMEGyBY+o1Swi6Zjnncu6Zgv3QWMXUQOyzMQA+9CAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.76) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none Received: from DB6PR0301CA0038.eurprd03.prod.outlook.com (2603:10a6:4:3e::48) by AS2PR10MB7299.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:605::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.20; Thu, 30 Mar 2023 11:08:46 +0000 Received: from DB5EUR01FT029.eop-EUR01.prod.protection.outlook.com (2603:10a6:4:3e:cafe::7e) by DB6PR0301CA0038.outlook.office365.com (2603:10a6:4:3e::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.42 via Frontend Transport; Thu, 30 Mar 2023 11:08:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.76) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com; Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.76 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C Received: from hybrid.siemens.com (194.138.21.76) by DB5EUR01FT029.mail.protection.outlook.com (10.152.4.241) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.22 via Frontend Transport; Thu, 30 Mar 2023 11:08:46 +0000 Received: from DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) by DEMCHDC8VSA.ad011.siemens.net (194.138.21.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Thu, 30 Mar 2023 13:08:44 +0200 Received: from L15-Gen2.fritz.box (139.25.0.85) by DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Thu, 30 Mar 2023 13:08:44 +0200 From: "T. Schaffner" To: CC: , , "Tobias Schaffner" Subject: [PATCH 1/4] simplify image-account-extension Date: Thu, 30 Mar 2023 13:08:01 +0200 Message-ID: <20230330110804.1016614-2-tobias.schaffner@siemens.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230330110804.1016614-1-tobias.schaffner@siemens.com> References: <20230330110804.1016614-1-tobias.schaffner@siemens.com> MIME-Version: 1.0 X-Originating-IP: [139.25.0.85] X-ClientProxiedBy: DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) To DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB5EUR01FT029:EE_|AS2PR10MB7299:EE_ X-MS-Office365-Filtering-Correlation-Id: 638692bb-6561-4500-922e-08db310f2197 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kUHA8Jm4Doz626QaeJDSsqTkd+et6vy6+Zj6QJZm13imz4ZqXsvGWE5eIk8lEe6XgKS1gPvdP/AZe/WtBlIAEbXAUJHboDarykus69WkITCZA47WQE6h6LW5Isk1ld76cvBR5sCYNzOAhr9ZLiwU4gZmxxQmsQR9VJKiaN9F4tWzN/mRnrZejVnlMBi5CVzswzveXF0yiRd8cmg1vlVgeJEZoHKMl7nS9SyYlwAOpJY5iQVQQHQrXIAzKoMZcv5BU9Cud4SaN2roWRsq/kII01iQtR9nGy4A3xdF6MpE5wu63B7dqL9rjfN5oNHioLmgog8pRd/1CI14/QrhrGH3PHC6hOyDXr77cRulSeg8E01h9m8ab3hx8GH3k3wi4wUwFR70SYGOzOLvJptXYrZVKXzoX2a31uRUgv9vyYzyzfeDxyP5UOXBnv4kRsg/RLkdp2oO9OVnwFf1DhQpUqeEldfhZRbqmKXYotCGO1CKvchHPvYLWC8NepSfJbLwTr/U4aJQ+E/yo+APj+r0nBk/QrHBxAEJibrK12gX1yvRBSUgM4JxE2cQzIWiz7eZiGyj+Uc0Drg2x4VG1QOQPp4ug02kwCPtfwuXurHpse1S43oN1uhUqin/jTIs3PGlYg62Y7ZKgFTZFfw9rIxcf6mcdJt7pcUyHRObXDc0QeCJqwLzz0agMvzx3otPBnmd8+6VGJdX3iR2306o/nS1Tq5eBM6p+4I+7qmCUFsVvzNIb7RBf+S+bl29M6pBzC3Yy28eoBte8d51XG2qPN7ODuXiIg== X-Forefront-Antispam-Report: CIP:194.138.21.76;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(136003)(39860400002)(346002)(396003)(376002)(451199021)(36840700001)(46966006)(40470700004)(70586007)(26005)(1076003)(6666004)(107886003)(81166007)(82960400001)(356005)(82740400003)(30864003)(956004)(478600001)(47076005)(34020700004)(36860700001)(16526019)(186003)(336012)(15650500001)(40460700003)(5660300002)(2906002)(8936002)(2616005)(70206006)(36756003)(82310400005)(316002)(54906003)(41300700001)(6916009)(4326008)(86362001)(40480700001)(8676002)(83380400001)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2023 11:08:46.0127 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 638692bb-6561-4500-922e-08db310f2197 X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.76];Helo=[hybrid.siemens.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR01FT029.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7299 X-Original-Sender: tobias.schaffner@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="JedbJ/kz"; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Tobias Schaffner Do the complete user and group creation in python. This allows us to drop the encoding and parsing code that was used to make the user and group lists available in the shell function. Signed-off-by: Tobias Schaffner --- meta/classes/image-account-extension.bbclass | 368 +++++++------------ 1 file changed, 124 insertions(+), 244 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 1a1f704d..d1133bb4 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ # This software is a part of ISAR. -# Copyright (C) Siemens AG, 2019 +# Copyright (C) Siemens AG, 2023 # # SPDX-License-Identifier: MIT # @@ -25,251 +25,131 @@ GROUPS ??= "" #GROUP_root[gid] = "" #GROUP_root[flags] = "system" -def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): - from itertools import chain - - entries = (d.getVar(listname) or "").split() - return " ".join( - ":".join( - chain( - (entry,), - ( - (",".join( - ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - ).split() - ) if flag not in (verb_flags or []) else ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - )).replace(":","=") - for flag in flags - ), - ) - ) - for entry in entries - ) - -# List of space separated entries, where each entry has the format: -# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" - -# List of space separated entries, where each entry has the format: -# groupname:groupid:flag1,flag2 -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts() { - # Create groups - # Add space to the end of the list: - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS').split())} ' - while true; do - # Pop first group entry: - list_rest="${list#*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - fi - - # Create or modify groups: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute groupmod (no changes)." - else - echo "Execute groupmod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupmod "$@" "$name" - fi - else - echo "Execute groupadd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupadd "$@" "$name" - fi - done - - # Create users - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS').split())} ' - while true; do - # Pop first user entry: - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - password="${entry%%:*}" - entry="${entry#${password}:}" - - expire="${entry%%:*}" - entry="${entry#${expire}:}" - - inactive="${entry%%:*}" - entry="${entry#${inactive}:}" - - uid="${entry%%:*}" - entry="${entry#${uid}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - comment="${entry%%:*}" - entry="${entry#${comment}:}" - - home="${entry%%:*}" - entry="${entry#${home}:}" - - shell="${entry%%:*}" - entry="${entry#${shell}:}" - - groups="${entry%%:*}" - entry="${entry#${groups}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$expire" ]; then - set -- "$@" --expiredate "$expire" - fi - - if [ -n "$inactive" ]; then - set -- "$@" --inactive "$inactive" - fi - - if [ -n "$uid" ]; then - set -- "$@" --uid "$uid" - fi - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ -n "$comment" ]; then - set -- "$@" --comment "$comment" - fi - - if [ -n "$home" ]; then - if [ "y" = "$exists" ]; then - set -- "$@" --home "$home" --move-home - else - set -- "$@" --home-dir "$home" - fi - fi - - if [ -n "$shell" ]; then - set -- "$@" --shell "$shell" - fi - - if [ -n "$groups" ]; then - set -- "$@" --groups "$groups" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then - set -- "$@" --no-create-home - else - if [ "${flags}" != "${flags%*,create-home,*}" ]; then - set -- "$@" --create-home - fi - fi - fi - - # Create or modify users: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute usermod (no changes)." - else - echo "Execute usermod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/usermod "$@" "$name" - fi - else - echo "Execute useradd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/useradd "$@" "$name" - fi - - # Set password: - if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then - chpasswd_args="-e" - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then +def image_create_groups(d: "DataSmart") -> None: + """Creates the groups defined in the ``GROUPS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + entries = (d.getVar("GROUPS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + group_entry = "GROUP_{}".format(entry) + + with open("{}/etc/group".format(rootfsdir), "r") as group_file: + exists = any(line.startswith("{}:".format(entry)) for line in group_file) + + gid = d.getVarFlag(group_entry, "gid") or "" + if gid: + args.append("--gid") + args.append(gid) + + flags = (d.getVarFlag(group_entry, "flags") or "").split() + if "system" in flags: + args.append("--system") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/groupmod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) + + +def image_create_users(d: "DataSmart") -> None: + """Creates the users defined in the ``USERS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import hashlib + import crypt + + entries = (d.getVar("USERS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + user_entry = "USER_{}".format(entry) + + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: + exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) + + def add_user_option(option_name, flag_name): + flag_value = d.getVarFlag(user_entry, flag_name) or "" + if flag_value: + args.append(option_name) + args.append(flag_value) + + add_user_option("--expire", "expiredate") + add_user_option("--inactive", "inactive") + add_user_option("--uid", "uid") + add_user_option("--gid", "gid") + add_user_option("--comment", "comment") + add_user_option("--shell", "shell") + + groups = d.getVarFlag(user_entry, "groups") or "" + if groups: + args.append("--groups") + args.append(groups.replace(' ', ',')) + + flags = (d.getVarFlag(user_entry, "flags") or "").split() + + if exists: + add_user_option("--home", "home") + if d.getVarFlag(user_entry, "home") or "": + args.append("--move-home") + else: + add_user_option("--home-dir", "home") + + if "system" in flags: + args.append("--system") + if "no-create-home" in flags: + args.append("--no-create-home") + if "create-home" in flags: + args.append("--create-home") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/usermod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/useradd", *args, entry]) + + command = [*chroot, "/usr/sbin/chpasswd"] + password = d.getVarFlag(user_entry, "password") or "" + if password or "allow-empty-password" in flags: + if "clear-text-password" in flags: + # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}" ]; then - chpasswd_args="" - else - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)" - password="$(openssl passwd -6 -salt $salt "$password")" - fi - fi - printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ - /usr/sbin/chpasswd $chpasswd_args - fi - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then - echo "Execute passwd to force password change on first boot for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/passwd --expire "$name" - fi - done + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or "" + if source_date_epoch: + command.append("-e") + salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] + password = crypt.crypt(password, "$6${}".format(salt)) + + else: + command.append("-e") + + bb.process.run(command, "{}:{}".format(entry, password).encode()) + + if "force-passwd-change" in flags: + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry]) + + +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +python image_postprocess_accounts() { + image_create_groups(d) + image_create_users(d) }