From patchwork Tue May 9 07:44:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Schaffner X-Patchwork-Id: 2790 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 May 2023 09:44:52 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f58.google.com (mail-lf1-f58.google.com [209.85.167.58]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 3497iphp030641 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 9 May 2023 09:44:52 +0200 Received: by mail-lf1-f58.google.com with SMTP id 2adb3069b0e04-4f139de8c55sf6785739e87.0; Tue, 09 May 2023 00:44:52 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1683618286; cv=pass; d=google.com; s=arc-20160816; b=ZFGInMyHgNaFuTaGYgP7VhO8e6NaUEk5Z7OXWh4BMfXFf4en1FmacRPmL1ZPULrpPP i5cnMABoZ+nac+PbceqG8Ku8Z+FLS6HIZ+DUAHSVkWzHjdQWsdMgv4LsJT76tMYM0zzL ePIaNGRWcOkbc01E3DEf4HGsIDG/QXwbH1LkPB1QUZN5GxR8qWXplZ4GALcNulEbJRvm TD8dwGa2YCULPkHTqgE6E5dpI6AsTJ9tgnuH+DszxAmB6nsSkNbGcT5mnAM1PaQrdLFw yki/QzH/kiTfFzP0xhUEv5uU/U3hXKKvtYDYegdXet7etN3OIcoG5iPs0YwWbnhllwQn qBqg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=cJuw1TExhND3yvZ6S+tjOcge38kABKMBNMjuCZiKJXw=; b=ICgz7qk0uWg/FS6sfzXaa7K4h1eJwQDld9dDnIWkbG39wl0kuNkHaat6/0VLBSzj8L r+R0FaV9rG0YlUfs+3913/tYao3OVTKhrT/PpBX0WYllm1TK8DEoxYpR6NKneAM6dse/ 12fLSvprRAzVA8pYxbHtIvFBPBy2Et3acQktwkfyWDSPCY7y/0zcUycswqT9NpvcbZIB 1ACFDnDNUlDw8MYOH1pkrMLgrNpBAw0cYTlSK7uIbsi+GG1ttO7RA32A567mdCwN1KPE t6Tl3u1HxM/P9sMSDZD7FFEqwNFm1GvxileyXdgEPpyOJITdkWBFDKop0y63WPXj3tBQ 8SHw== ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Zb7085hW; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7e1a::61c as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20221208; t=1683618286; x=1686210286; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=cJuw1TExhND3yvZ6S+tjOcge38kABKMBNMjuCZiKJXw=; b=dJRVxRYDlneSbMyUZKKxGMEeOcaLkWu2c4V0uqZ0vh/WUNd1kuu8lc8E8uONCyIjVz dlAW/UiSWW0UPCUi2sH5337zs0kiQeqlken5UPtBJSnQz9qWrNaezgh/1J8l5sYbOl8r i1TARwKV3Kb88nWPTrscL6uKPnikPsj6RXvX58K5eL4s+DZsSEQ7n3HVt2vF8sCMJux+ zMX+wvcBUS0YQfaO7ND5fWXLLlVEBr97ogbBbWOMP+jK9jL1GXg5Xd/vCYEN6fqLdzFj 5J7Ezjspl0m7CDUQBSiyS8Bb6B4IWen5yoJFKuZQJ9vYcYF3EwAJhysAqRmTDK3kIaiW sdvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683618286; x=1686210286; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cJuw1TExhND3yvZ6S+tjOcge38kABKMBNMjuCZiKJXw=; b=KXyLeKwRypY8vZS75rn5eeTo3wPDM78Q6ZrxTPK1nBCDfHd0UEj7ryhJoKjjxZtjfK EJ2QEp9iUfL1E48QF17shjzqLvzQoQptiANCaOJ2eqH9Epnq/icbJbkQJWohye4OSvF/ UwWHrxO1RKwEwYuFSQFDlRxjPx5R3Txkcyst4dQ2y/rHcdOAw7XP8rFAlHF/rE1Iv37N WsxdShfnC2mjSbaBlMEkc4QnmOc9ksYfiAzF40haYB9lu1R94K0jk/7/GUj2AiheDbUU HT9IOJrJDfJ+T1Up0wlqfRIGR2LGTtFC24ijebCVPGEZ9wKGE4ydBupgcp2qDlooYLLO 7Xdg== X-Gm-Message-State: AC+VfDyuQTJ2z2X1VoGyMXwZsOSVOcWh37EeubHxJgdJI4w+3LS6i5J2 qTXjYYuuQfj9smszSbqFeC8= X-Google-Smtp-Source: ACHHUZ4v3RF1sckXqNqOjfSwEsuJeNF4LfZzFRFtfMi4Yuuz+0zri78n1n7lKLBmLa4NPLvdqsOp0Q== X-Received: by 2002:a05:6512:1109:b0:4d8:86c2:75ea with SMTP id l9-20020a056512110900b004d886c275eamr537340lfg.3.1683618286328; Tue, 09 May 2023 00:44:46 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:bea9:0:b0:2ab:4d:c40d with SMTP id a41-20020a2ebea9000000b002ab004dc40dls1515ljr.1.-pod-prod-00-eu; Tue, 09 May 2023 00:44:44 -0700 (PDT) X-Received: by 2002:a05:651c:1728:b0:2a9:f9e0:a820 with SMTP id be40-20020a05651c172800b002a9f9e0a820mr492159ljb.11.1683618284845; Tue, 09 May 2023 00:44:44 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1683618284; cv=pass; d=google.com; s=arc-20160816; b=yLVyJYvvB81tBov4sMrN14GlTfhWDGSrxpRvCuUMTbImmHaIk0/nzoq4wQiq8vEksm 7rz5wCiWmwiHRRuajIRect/yhH9hi8dNqcawEHVR8vWZywD5eiua0qevV7Gjbjkr+aJ/ dh8GjepAhUAau+Rs8MsaJBv8DFZ1YpoYJw6ACvdx6R5V5cxjhPPgTGd5WWwTKzn2pzST uck1X2FZufsyxFmUCGEvO56etUUjuC3arqjwWvzEpQkATtWARYXcaR2d2S/URC4ugguq 5rJ88Oi4QuBuQBS0qlzoh+lWo6wfjgO+wFH7KzPcTj0Sd6RPLAudWP1nsexveSAE6a+N gU5A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=nn51Thbj2GDiWjILGx8huR4gWhAsJb0XTJxRyH1YtYM=; b=tB148577K0IJfkWJX9ZZT46YNtnqXKo878vl7cteyN9xng+Nbl9m8ssthBsOBsOdjO HRWRKGjMNcITWUyEOUe+hNJUJBZVY2Lpoql5mGkLiezSAoZXUzpV7wTHuj0YhdzD2eQo BbhrSjfu0QXfYfsRTTYv2opMlSfk+Tb/Wn43QKrz+dwExqtMkD4BxZiQuiGrsB+TtTVN OQDj7sEncWf43M7nzhRHxyO3AWWVpW7SzDJzSt3iNpu95Dp30LUHhqcBpHPVTlc2iZ6D QH0ntcTQMqMjdt55RQPYZnpJCEp9v7RjDxfQaitlGCEM7vQt9LM4BpG+QaJ7rZBpxoIZ aFzQ== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Zb7085hW; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7e1a::61c as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2061c.outbound.protection.outlook.com. [2a01:111:f400:7e1a::61c]) by gmr-mx.google.com with ESMTPS id h5-20020a2ebc85000000b002ac885a8f29si571025ljf.3.2023.05.09.00.44.44 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 May 2023 00:44:44 -0700 (PDT) Received-SPF: pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7e1a::61c as permitted sender) client-ip=2a01:111:f400:7e1a::61c; ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aHDIXnnk2e7XD1LLngM+bN5ihtEQ9YvIOIVkzI+CJCcH/gN5ifi1y+ca7TDRTTLX9N9uUXAmU2KUT5dFZroLgArzJ3pJhKTcXrTy31/YyDn8kAAK7k8Wzu/zZ1WwrwUFo4Gq2X7+bZYtDTs7uruF7MhkotE5AHIaTM7DuFCJOqCucAzVTBjeVWQP3Lcgj1flZPZ0Lr3+fPXdHVoz4bhL2xDZYB+vzE1zFt8Oz/SElpTK822rac1PVWNXcZTLirechRrHZxom8hJObUwn63vLwpt4jJW6/XspI2BheT1p49O3oUzmhwa035GTsAspJymdxYjKRNDpJJUN18twJjFpLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nn51Thbj2GDiWjILGx8huR4gWhAsJb0XTJxRyH1YtYM=; b=P75O8IwwK/x8oB6/YQ9hubavPCvbmtTsICNuxIMspzcGYcSa88rBbdCRMgxocYOeetDiLomTSL7EGkIrVo8cx3ZBAOTlb3fIJxY54KBty4qInE/TORSpiilHBgrUa7+ZhnhImDn/iNZ0sYS140B4SkHBjy/DfKlwz6H2cFSTikqgPMtScz3jOSDraa4Zo0ZqiAoaBZ8XQDAMsvo3017cNPJxFfe5SJK6Xpr9T70irymAG68BHsF2Qt55ydaIbJajVWBChzmBocr22PHhjW2oNd9ek/iB0zg8Nlfpy9JJn2ee3UiOEknSNhmyN9wTlhWVyVBWsOcr2PqSCL0tbZjJVw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.76) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none Received: from FR3P281CA0209.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a5::8) by DU0PR10MB6801.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:477::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.32; Tue, 9 May 2023 07:44:41 +0000 Received: from VE1EUR01FT011.eop-EUR01.prod.protection.outlook.com (2603:10a6:d10:a5:cafe::ba) by FR3P281CA0209.outlook.office365.com (2603:10a6:d10:a5::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.18 via Frontend Transport; Tue, 9 May 2023 07:44:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.76) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com; Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.76 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C Received: from hybrid.siemens.com (194.138.21.76) by VE1EUR01FT011.mail.protection.outlook.com (10.152.2.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.18 via Frontend Transport; Tue, 9 May 2023 07:44:41 +0000 Received: from DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) by DEMCHDC8VSA.ad011.siemens.net (194.138.21.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Tue, 9 May 2023 09:44:41 +0200 Received: from L15-Gen2.fritz.box (139.22.36.202) by DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Tue, 9 May 2023 09:44:39 +0200 X-Patchwork-Original-From: "'T. Schaffner' via isar-users" From: Tobias Schaffner To: CC: , , "Tobias Schaffner" Subject: [PATCH v2 1/4] simplify image-account-extension Date: Tue, 9 May 2023 09:44:09 +0200 Message-ID: <20230509074412.86392-2-tobias.schaffner@siemens.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230509074412.86392-1-tobias.schaffner@siemens.com> References: <20230509074412.86392-1-tobias.schaffner@siemens.com> MIME-Version: 1.0 X-Originating-IP: [139.22.36.202] X-ClientProxiedBy: DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) To DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1EUR01FT011:EE_|DU0PR10MB6801:EE_ X-MS-Office365-Filtering-Correlation-Id: e6eb0eed-0d62-4654-ae75-08db50613fd3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PN3Dl75Ygb2sH/f67xExHl6qa6JctyrBwPuzD1LTFBTAyF+7kDCiu3Xxy3WKG0/LoebT7hCEyDuVORWBSXpiz2UQ4o/w0Bo2YNtJaOBmSJQL/6eydzTp2bOPoM8ilSdQBexHfCQQfFfCGZmrxKx7xgkut4w8167nQ3CX2NiqHNe7tB6lW8wWR3ZYEPpn6dGZ6MTERwUZPoSavT+1wxJzKNq/v1LqYYZKO6fAopgvVJHBpyWjYB4+NQrojkHCGiGO7/HIsZaP2aLXKmGoblPMA8Ijia/xc8xScc9W+6YnZf3OaHlS0B5h0rpSvmAoDUyVeAsfA7OnbymKZwIgNJZJ/aUf1k3MFH7bSLhNUw5BAmNjI7SG15dAhTmP+rDyX1SucXgCeQ4ZU0CnvMG2ppGVNfgGupRywu66fEs5y3FfEhSl596frIRUKNKQuYEVemaSREWaR8GHOy2Yf71Rz0OjhNewLURzwhwrH1xM1LTzqJQ893ojcwcRrO8Fu4Bl3WtVqAp9VzwESU5vGxa5jj13f7F+gbo3R4xoaG2OxOj5hLddvNM6htoXEggRZkuXA1QcfOQe4MHd2zQ5IImiTk7erfEH0JfIbOMCUmv7pnb5R6gCquZ1XQRkbqLiIUMrPR0i3Rl2OkxL/cyffgyhmc+00yFUbNsfnYrYgIs3mgJbM1EdDItCDA5OjhBEY2Ij9ZQjC360wuJ7nBAQNZ73XWKxBtbGs7FNH88792ycfB4yLmM= X-Forefront-Antispam-Report: CIP:194.138.21.76;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(346002)(39860400002)(376002)(136003)(396003)(451199021)(40470700004)(46966006)(36840700001)(86362001)(36756003)(6666004)(316002)(54906003)(4326008)(70586007)(6916009)(478600001)(70206006)(82310400005)(40480700001)(15650500001)(8936002)(30864003)(8676002)(41300700001)(2906002)(356005)(5660300002)(82960400001)(186003)(82740400003)(81166007)(16526019)(107886003)(956004)(1076003)(36860700001)(26005)(47076005)(336012)(83380400001)(2616005)(40460700003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 May 2023 07:44:41.5475 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e6eb0eed-0d62-4654-ae75-08db50613fd3 X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.76];Helo=[hybrid.siemens.com] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR01FT011.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB6801 X-Original-Sender: tobias.schaffner@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=Zb7085hW; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7e1a::61c as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: "T. Schaffner" Reply-To: "T. Schaffner" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Tobias Schaffner Do the complete user and group creation in python. This allows us to drop the encoding and parsing code that was used to make the user and group lists available in the shell function. Signed-off-by: Tobias Schaffner --- meta/classes/image-account-extension.bbclass | 368 +++++++------------ 1 file changed, 124 insertions(+), 244 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 1a1f704d..ab7b48a4 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ # This software is a part of ISAR. -# Copyright (C) Siemens AG, 2019 +# Copyright (C) Siemens AG, 2019-2023 # # SPDX-License-Identifier: MIT # @@ -25,251 +25,131 @@ GROUPS ??= "" #GROUP_root[gid] = "" #GROUP_root[flags] = "system" -def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): - from itertools import chain - - entries = (d.getVar(listname) or "").split() - return " ".join( - ":".join( - chain( - (entry,), - ( - (",".join( - ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - ).split() - ) if flag not in (verb_flags or []) else ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - )).replace(":","=") - for flag in flags - ), - ) - ) - for entry in entries - ) - -# List of space separated entries, where each entry has the format: -# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" - -# List of space separated entries, where each entry has the format: -# groupname:groupid:flag1,flag2 -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts() { - # Create groups - # Add space to the end of the list: - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS').split())} ' - while true; do - # Pop first group entry: - list_rest="${list#*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - fi - - # Create or modify groups: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute groupmod (no changes)." - else - echo "Execute groupmod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupmod "$@" "$name" - fi - else - echo "Execute groupadd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupadd "$@" "$name" - fi - done - - # Create users - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS').split())} ' - while true; do - # Pop first user entry: - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - password="${entry%%:*}" - entry="${entry#${password}:}" - - expire="${entry%%:*}" - entry="${entry#${expire}:}" - - inactive="${entry%%:*}" - entry="${entry#${inactive}:}" - - uid="${entry%%:*}" - entry="${entry#${uid}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - comment="${entry%%:*}" - entry="${entry#${comment}:}" - - home="${entry%%:*}" - entry="${entry#${home}:}" - - shell="${entry%%:*}" - entry="${entry#${shell}:}" - - groups="${entry%%:*}" - entry="${entry#${groups}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$expire" ]; then - set -- "$@" --expiredate "$expire" - fi - - if [ -n "$inactive" ]; then - set -- "$@" --inactive "$inactive" - fi - - if [ -n "$uid" ]; then - set -- "$@" --uid "$uid" - fi - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ -n "$comment" ]; then - set -- "$@" --comment "$comment" - fi - - if [ -n "$home" ]; then - if [ "y" = "$exists" ]; then - set -- "$@" --home "$home" --move-home - else - set -- "$@" --home-dir "$home" - fi - fi - - if [ -n "$shell" ]; then - set -- "$@" --shell "$shell" - fi - - if [ -n "$groups" ]; then - set -- "$@" --groups "$groups" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then - set -- "$@" --no-create-home - else - if [ "${flags}" != "${flags%*,create-home,*}" ]; then - set -- "$@" --create-home - fi - fi - fi - - # Create or modify users: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute usermod (no changes)." - else - echo "Execute usermod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/usermod "$@" "$name" - fi - else - echo "Execute useradd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/useradd "$@" "$name" - fi - - # Set password: - if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then - chpasswd_args="-e" - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then +def image_create_groups(d: "DataSmart") -> None: + """Creates the groups defined in the ``GROUPS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + entries = (d.getVar("GROUPS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + group_entry = "GROUP_{}".format(entry) + + with open("{}/etc/group".format(rootfsdir), "r") as group_file: + exists = any(line.startswith("{}:".format(entry)) for line in group_file) + + gid = d.getVarFlag(group_entry, "gid") or "" + if gid: + args.append("--gid") + args.append(gid) + + flags = (d.getVarFlag(group_entry, "flags") or "").split() + if "system" in flags: + args.append("--system") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/groupmod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) + + +def image_create_users(d: "DataSmart") -> None: + """Creates the users defined in the ``USERS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import hashlib + import crypt + + entries = (d.getVar("USERS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + user_entry = "USER_{}".format(entry) + + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: + exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) + + def add_user_option(option_name, flag_name): + flag_value = d.getVarFlag(user_entry, flag_name) or "" + if flag_value: + args.append(option_name) + args.append(flag_value) + + add_user_option("--expire", "expiredate") + add_user_option("--inactive", "inactive") + add_user_option("--uid", "uid") + add_user_option("--gid", "gid") + add_user_option("--comment", "comment") + add_user_option("--shell", "shell") + + groups = d.getVarFlag(user_entry, "groups") or "" + if groups: + args.append("--groups") + args.append(groups.replace(' ', ',')) + + flags = (d.getVarFlag(user_entry, "flags") or "").split() + + if exists: + add_user_option("--home", "home") + if d.getVarFlag(user_entry, "home") or "": + args.append("--move-home") + else: + add_user_option("--home-dir", "home") + + if "system" in flags: + args.append("--system") + if "no-create-home" in flags: + args.append("--no-create-home") + if "create-home" in flags: + args.append("--create-home") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/usermod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/useradd", *args, entry]) + + command = [*chroot, "/usr/sbin/chpasswd"] + password = d.getVarFlag(user_entry, "password") or "" + if password or "allow-empty-password" in flags: + if "clear-text-password" in flags: + # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}" ]; then - chpasswd_args="" - else - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)" - password="$(openssl passwd -6 -salt $salt "$password")" - fi - fi - printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ - /usr/sbin/chpasswd $chpasswd_args - fi - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then - echo "Execute passwd to force password change on first boot for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/passwd --expire "$name" - fi - done + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or "" + if source_date_epoch: + command.append("-e") + salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] + password = crypt.crypt(password, "$6${}".format(salt)) + + else: + command.append("-e") + + bb.process.run(command, "{}:{}".format(entry, password).encode()) + + if "force-passwd-change" in flags: + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry]) + + +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +python image_postprocess_accounts() { + image_create_groups(d) + image_create_users(d) }