From patchwork Mon May 22 06:55:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Schaffner X-Patchwork-Id: 2821 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 22 May 2023 08:56:07 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f62.google.com (mail-lf1-f62.google.com [209.85.167.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 34M6u6UY015504 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 22 May 2023 08:56:06 +0200 Received: by mail-lf1-f62.google.com with SMTP id 2adb3069b0e04-4f19bffbc23sf3228594e87.1; Sun, 21 May 2023 23:56:06 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1684738561; cv=pass; d=google.com; s=arc-20160816; b=nN2jaFLToBnYWgSPFwuC0+V9ydfi6ftJ6UAgAh+mvzO1FRRG0PCoplB1DhpN4Cy+Kq poAxecqEyHMjWSjo3knTpjQApEouCzg/V+PBb9UEIg3VigMW48rMxDasJqAJBxiQDRHN 45LoxIuQarVEpAtSgL3ev4y1o4f/+wHb3EmuCZlJmB6WcOLffEDgCwQIFkpkPK1bjsDV I5H59e0J163WJUbdrDgjt354x1QSWlctrpmysrLFEax5ldARRt91+O+4Rl9y6xH6RlJq LkZxl8IolmYvvErF/PU25N+6Oca9+evhfLuyTacez5nshs+c4UeLZM3eaFfCFdkD2gD0 GDbA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=/UYm65THGIOi1lXnwP7WiJL9tqHfzdkxxiPEMxLgNXI=; b=r6k6BKMNtX8u2cWo3FOgssypTn8ffN1xmHI6Jf5RrxKY7DkglSilT7stODVefobD4O 7McHA0lSAEl90qGcK2KAFndqATzs/gZjorYfzDEnaUG3COwkdN+RUX3QhAXgz3b1C4kf x7Omg4WnSC6DHlz4guaG4Hh5ghlKStGHxYJbojV/a30zOQm2cawjjN0ewvpYnXCbRWf4 C43w8K6r32hkT8DyYFkXwgr3Gvm7kDpD1DOc+CmxtmAczt4dnql33uHp6jMAtUHY8QAU 0aDqoLq9gXPdUJJlICa9wEqwKsQJn/afpQMZD3f+ZFX90dXN9oa96TXvJNuwbAZ3JpXP 26YA== ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HJyPacEv; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20221208; t=1684738561; x=1687330561; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=/UYm65THGIOi1lXnwP7WiJL9tqHfzdkxxiPEMxLgNXI=; b=cxZBiEXLvmweDlIgOPwEnLI2NhkScG8WQzGx1ItDxTRtBul4pbpaxubNOHURH/2uRq /4obmiFTOCLQcjTa32mZmqkhUZKQ05nyKpf7L5dA5258Xn+GT5xznLCRXF1yqo9IidTu qp74E6ZugJg+EBVI6WiT5g4BFlnV8dUShSSPTxctFe8bvYXmhUMaIyMMlr5EbNqClLaG 5nbK9sRAPD8Le81wdfZO8VdOQiLNf4PAH6llZ9kD/UzAZjqoHyoSeKu7crSLcqpH1ANU cbNT7broOiY+AdBFn/5vEgxzUnLmeCZyjMkkd8xkj7cRXT0xel2txUyYAQe7QRVnO/xm os5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684738561; x=1687330561; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/UYm65THGIOi1lXnwP7WiJL9tqHfzdkxxiPEMxLgNXI=; b=kldzq8QjU+HAPnqHs3qqeHnZGwexyTWzhPWvljEPEP4sqD8Mfo1XazGgk5XIAaSObr M/vAHFq/Je9VnHddcefqcBIhuZMy7EKGInSJKjYdZtX8MATtkKpFQjTnR1zeVcUjLqQ7 W3dqOt4XMWxc8YV05A0upadFNP0n5CGdldBM5+w3WYibrJmLp068eB3vzpAtdUqvA/q1 JIPxHTwAXJ/1J7omqz0WHChWGYKeVIgfIC/bwUAO5OkitH/NPueVrH8GspwtkmwfZ3Iy cJ0mFCTQitZ8/71jWm8HgDHO324pzzNU78X/VMiodZYv4lR78EZi4LigfEipk68X9tNh oGTw== X-Gm-Message-State: AC+VfDzGwREqYX2a9YD0zbw4sGvpOjbDFDYYD4yxgtXhUgfSGgzksTQG 4iwdwdP7RebjnzIKY0/kk/I= X-Google-Smtp-Source: ACHHUZ6d2QOMhSwtSHM+9AANOoRP6pYvmJlrDcB8OyJkYtpcfjq9qzXUMji8TO7thSUGSspfd20FDQ== X-Received: by 2002:ac2:44ce:0:b0:4f3:a9f2:f874 with SMTP id d14-20020ac244ce000000b004f3a9f2f874mr2322134lfm.0.1684738560888; Sun, 21 May 2023 23:56:00 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:545:b0:2ac:831f:b82f with SMTP id q5-20020a05651c054500b002ac831fb82fls48349ljp.0.-pod-prod-09-eu; Sun, 21 May 2023 23:55:59 -0700 (PDT) X-Received: by 2002:a2e:9d02:0:b0:2a0:3f9f:fec6 with SMTP id t2-20020a2e9d02000000b002a03f9ffec6mr3769331lji.37.1684738559527; Sun, 21 May 2023 23:55:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1684738559; cv=pass; d=google.com; s=arc-20160816; b=a39ConEgF6yCyt7NpkNpq0oCjPWyqC0tQV6/IQhzfCNr3O4IoC9mKs4JXUpCYxmyE0 K3+VtFKPlRj7Uus+uZadqBDbXct17Ofa2jClVl1jjgMFX9maT4VXE3ozJksyUucMoWT9 JM1N12gxkFBG89NTKGMJoyHLktsnJ8juKFLZ1e1BZkM8BcE85oC+Ur9mySz+uqbi0bW+ pesn2B6TW6r9yDT6zus+2C1gCaj7+JWjbDhMF9Ml7JT2wOTaCfS6YRtHKZka8m5iPKq+ ngPrtZvpP4eu5o7zgiLJ5kGQOy5LJ9dcmIUEpdW9eIe4pdi6+BBRsfglJJsqyL6HhhcJ L0Qw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=EexWQs+iqzfAHsMuMLN2st82VjDu97uRawPLPMDrkGo=; b=TI3hXTbXDaTsm0DEbg8lhBe/hggObQOMS6wOr3ZyiJt/Jq83pmj/DgbEDmnLQ3HnkJ cRqU0T+Kk4jzfA8fphallpCWJ3ragBjAI0JFIJsu4tYb0AKlOOST3EGyVVMwa5lopqnq t7GUIIlGQxXZVjVk7i94uq3bfuGCox/WUeEaqoTWDiMLwmC6In4XGqSzU6d1g11bP8iF MoYaQC2GFdWW2NczSgH30kSnjF/f2cUKCy+3QkbxQe9jtDhH50ZVNj9XYQ2Pb44zxALY eQDN3EKBQbskPZfDpP5A1bzhDg1CGkYakfzzayq1bjNqpIaeMRDLAY9eFwEUptGhUMSX UgxA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HJyPacEv; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on20608.outbound.protection.outlook.com. [2a01:111:f400:fe13::608]) by gmr-mx.google.com with ESMTPS id by12-20020a05651c1a0c00b002a77f4969bdsi343223ljb.5.2023.05.21.23.55.59 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 21 May 2023 23:55:59 -0700 (PDT) Received-SPF: pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) client-ip=2a01:111:f400:fe13::608; ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QDV2iHaZ3pTuO5xGRwd8D/+3tCJBjp2IjFiy7tlvmdsrWo7pKvPztYf48UTn6UNzkhohIlc5h5P3r98behgqU9QROCZ4/eOkP53GmEXss1o2suZx88NjDjW8Zvj6ANB3ulOMwICuw1QBf63wmYYxBuD8TYKy2WQGExiHkXb9vQPowTyEQ3cQu5Ha67DZJsRlEF4yWdKlg2fxuP8TP/0noLl2HumIVrTxdNPrwz94yO8rjtXbRTwjAY9M7d8cwcc36C9zMAviLQmBZuyEpaBY0y8Q/N+n8+bUFp+j1WEY8SiCB3fFEJNa0+dhgO45FM/yUnGXQnKz3QyM1aXfWj9H9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EexWQs+iqzfAHsMuMLN2st82VjDu97uRawPLPMDrkGo=; b=n6Mf2H8z8iQvC48gKmsROFAMw4hr/vNVsuyEeM72Z7vHlev2BXCI945ojGFEm7jN6oYNXn1cwm2/UUUMRrPzgGQTaded51IqfwJqj7bc9ZUHWHlXBEUXf9OD/s0yIV+7PkxftWLg4exGZ6EjdAejCHb2HFwViy7tenu32sf6PfucIdNsqR3RdR4hVHXmLOY9KFjkItm2pH8Q5Mb/aSziX2Bn/jCK0L5CYU7/I8bi99xZc0Etupa0e1+OxuaNTboe5/aGblMu7o4J98oLJuxm+nXvs925aJwFAFCvYGBeIUexcbww6U4UxapgnYFbhNIepLEcQKr0XDBr1S9x6XMBDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.76) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none Received: from GVYP280CA0045.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f9::14) by AS8PR10MB7017.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:5a4::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.28; Mon, 22 May 2023 06:55:57 +0000 Received: from HE1EUR01FT065.eop-EUR01.prod.protection.outlook.com (2603:10a6:150:f9:cafe::b2) by GVYP280CA0045.outlook.office365.com (2603:10a6:150:f9::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.28 via Frontend Transport; Mon, 22 May 2023 06:55:57 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.76) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com; Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.76 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C Received: from hybrid.siemens.com (194.138.21.76) by HE1EUR01FT065.mail.protection.outlook.com (10.152.0.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.13 via Frontend Transport; Mon, 22 May 2023 06:55:57 +0000 Received: from DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) by DEMCHDC8VSA.ad011.siemens.net (194.138.21.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Mon, 22 May 2023 08:55:56 +0200 Received: from L15-Gen2.fritz.box (139.22.37.93) by DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Mon, 22 May 2023 08:55:55 +0200 X-Patchwork-Original-From: "'T. Schaffner' via isar-users" From: Tobias Schaffner To: CC: , , , Tobias Schaffner Subject: [PATCH v3 1/4] simplify image-account-extension Date: Mon, 22 May 2023 08:55:28 +0200 Message-ID: <20230522065531.2300448-2-tobias.schaffner@siemens.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230522065531.2300448-1-tobias.schaffner@siemens.com> References: <20230522065531.2300448-1-tobias.schaffner@siemens.com> MIME-Version: 1.0 X-Originating-IP: [139.22.37.93] X-ClientProxiedBy: DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) To DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: HE1EUR01FT065:EE_|AS8PR10MB7017:EE_ X-MS-Office365-Filtering-Correlation-Id: 5f341c1e-b43e-4b49-dc5f-08db5a91983e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qL+hpBwPMlKE7vXdQpNCfYyoGzI01vZoqU/hnFmH+QY4ekrbTgyIpWS3w1h/zGfHgwOS0B7j9DnWqml4NxjDbqnhTvBu9ScOIrMc+QxMzOBEQoOto82HvV2gEFOoqzJkCYaX4M5J/GUEHF5dU5ft/lfJu3/wdrh8uATNIpRae3itffq51ERcyEyV4p05mjYodJYFtQcxSUBQzWBt0opWEo+WSHLNmfo6+EojdpVTcNRqbhEszEFRaol4OJIVakqnG9bmKbPRgzZUFr4CZ6upfUuJIpEAyttIPvvFmHM3MfkrBa0HDaY7yoOnjeTvvMvHRnnG03N7GZaaL0epSat3YoSNE216Qwrqf9XP7zC+lRZKWYY/t6gLEFMvWahM+8TfM3yW3O8RVNKnfqZrl4l1vpfH+HBBfBqlZEyAWqmamx5RAZ0AFtcyO8YBpekAABZ14gXrex3wl3py95aLqrml9DkVQPYWKMy4TU1wZfhwiPk/87JAzLAt3TeCAuLHw5AlK6IkhmKdz0hkjACLXDQ7QL42VbHzdQ/BQHyMFIL7FjIHBQKeZTFngf5vYIHBmIULNsLS/f7yZJWe0h8OvO5A6uiClavPKBBsFCi87uv4mvFdZ1bTnvY+0i4V8xFfvF8I0mVmhDSU0xofP46ocsmSwkR/6eZIuuyoXCHPpJmx3PRShSF9dhpBzCwiPVEAxji6AslC2OAF3fUI2VDc5jqY/Xf7GwGc5h4Pd/gjrI4uAZ4/OEkmMX0scHNUpBJk+Q25nZAtlw6dkQaozjYUYBInwg== X-Forefront-Antispam-Report: CIP:194.138.21.76;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(136003)(346002)(376002)(39860400002)(396003)(451199021)(40470700004)(36840700001)(46966006)(15650500001)(5660300002)(41300700001)(82960400001)(40480700001)(82740400003)(6916009)(4326008)(40460700003)(316002)(8936002)(8676002)(70206006)(70586007)(86362001)(356005)(36756003)(83380400001)(6666004)(36860700001)(336012)(1076003)(956004)(26005)(186003)(16526019)(2616005)(47076005)(54906003)(30864003)(81166007)(2906002)(82310400005)(107886003)(478600001)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2023 06:55:57.3068 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5f341c1e-b43e-4b49-dc5f-08db5a91983e X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.76];Helo=[hybrid.siemens.com] X-MS-Exchange-CrossTenant-AuthSource: HE1EUR01FT065.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB7017 X-Original-Sender: tobias.schaffner@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HJyPacEv; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: "T. Schaffner" Reply-To: "T. Schaffner" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Tobias Schaffner Do the complete user and group creation in python. This allows us to drop the encoding and parsing code that was used to make the user and group lists available in the shell function. Signed-off-by: Tobias Schaffner --- meta/classes/image-account-extension.bbclass | 368 +++++++------------ 1 file changed, 124 insertions(+), 244 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 1a1f704d..5080202d 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ # This software is a part of ISAR. -# Copyright (C) Siemens AG, 2019 +# Copyright (C) Siemens AG, 2019-2023 # # SPDX-License-Identifier: MIT # @@ -25,251 +25,131 @@ GROUPS ??= "" #GROUP_root[gid] = "" #GROUP_root[flags] = "system" -def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): - from itertools import chain - - entries = (d.getVar(listname) or "").split() - return " ".join( - ":".join( - chain( - (entry,), - ( - (",".join( - ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - ).split() - ) if flag not in (verb_flags or []) else ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - )).replace(":","=") - for flag in flags - ), - ) - ) - for entry in entries - ) - -# List of space separated entries, where each entry has the format: -# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" - -# List of space separated entries, where each entry has the format: -# groupname:groupid:flag1,flag2 -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts() { - # Create groups - # Add space to the end of the list: - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS').split())} ' - while true; do - # Pop first group entry: - list_rest="${list#*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - fi - - # Create or modify groups: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute groupmod (no changes)." - else - echo "Execute groupmod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupmod "$@" "$name" - fi - else - echo "Execute groupadd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupadd "$@" "$name" - fi - done - - # Create users - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS').split())} ' - while true; do - # Pop first user entry: - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - password="${entry%%:*}" - entry="${entry#${password}:}" - - expire="${entry%%:*}" - entry="${entry#${expire}:}" - - inactive="${entry%%:*}" - entry="${entry#${inactive}:}" - - uid="${entry%%:*}" - entry="${entry#${uid}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - comment="${entry%%:*}" - entry="${entry#${comment}:}" - - home="${entry%%:*}" - entry="${entry#${home}:}" - - shell="${entry%%:*}" - entry="${entry#${shell}:}" - - groups="${entry%%:*}" - entry="${entry#${groups}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$expire" ]; then - set -- "$@" --expiredate "$expire" - fi - - if [ -n "$inactive" ]; then - set -- "$@" --inactive "$inactive" - fi - - if [ -n "$uid" ]; then - set -- "$@" --uid "$uid" - fi - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ -n "$comment" ]; then - set -- "$@" --comment "$comment" - fi - - if [ -n "$home" ]; then - if [ "y" = "$exists" ]; then - set -- "$@" --home "$home" --move-home - else - set -- "$@" --home-dir "$home" - fi - fi - - if [ -n "$shell" ]; then - set -- "$@" --shell "$shell" - fi - - if [ -n "$groups" ]; then - set -- "$@" --groups "$groups" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then - set -- "$@" --no-create-home - else - if [ "${flags}" != "${flags%*,create-home,*}" ]; then - set -- "$@" --create-home - fi - fi - fi - - # Create or modify users: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute usermod (no changes)." - else - echo "Execute usermod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/usermod "$@" "$name" - fi - else - echo "Execute useradd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/useradd "$@" "$name" - fi - - # Set password: - if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then - chpasswd_args="-e" - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then +def image_create_groups(d: "DataSmart") -> None: + """Creates the groups defined in the ``GROUPS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + entries = (d.getVar("GROUPS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + group_entry = "GROUP_{}".format(entry) + + with open("{}/etc/group".format(rootfsdir), "r") as group_file: + exists = any(line.startswith("{}:".format(entry)) for line in group_file) + + gid = d.getVarFlag(group_entry, "gid") or "" + if gid: + args.append("--gid") + args.append(gid) + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/groupmod", *args, entry]) + else: + flags = (d.getVarFlag(group_entry, "flags") or "").split() + if "system" in flags: + args.append("--system") + + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) + + +def image_create_users(d: "DataSmart") -> None: + """Creates the users defined in the ``USERS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import hashlib + import crypt + + entries = (d.getVar("USERS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + user_entry = "USER_{}".format(entry) + + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: + exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) + + def add_user_option(option_name, flag_name): + flag_value = d.getVarFlag(user_entry, flag_name) or "" + if flag_value: + args.append(option_name) + args.append(flag_value) + + add_user_option("--expire", "expiredate") + add_user_option("--inactive", "inactive") + add_user_option("--uid", "uid") + add_user_option("--gid", "gid") + add_user_option("--comment", "comment") + add_user_option("--shell", "shell") + + groups = d.getVarFlag(user_entry, "groups") or "" + if groups: + args.append("--groups") + args.append(groups.replace(' ', ',')) + + flags = (d.getVarFlag(user_entry, "flags") or "").split() + + if exists: + add_user_option("--home", "home") + if d.getVarFlag(user_entry, "home") or "": + args.append("--move-home") + else: + add_user_option("--home-dir", "home") + + if "system" in flags: + args.append("--system") + if "no-create-home" in flags: + args.append("--no-create-home") + if "create-home" in flags: + args.append("--create-home") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/usermod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/useradd", *args, entry]) + + command = [*chroot, "/usr/sbin/chpasswd"] + password = d.getVarFlag(user_entry, "password") or "" + if password or "allow-empty-password" in flags: + if "clear-text-password" in flags: + # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}" ]; then - chpasswd_args="" - else - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)" - password="$(openssl passwd -6 -salt $salt "$password")" - fi - fi - printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ - /usr/sbin/chpasswd $chpasswd_args - fi - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then - echo "Execute passwd to force password change on first boot for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/passwd --expire "$name" - fi - done + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or "" + if source_date_epoch: + command.append("-e") + salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] + password = crypt.crypt(password, "$6${}".format(salt)) + + else: + command.append("-e") + + bb.process.run(command, "{}:{}".format(entry, password).encode()) + + if "force-passwd-change" in flags: + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry]) + + +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +python image_postprocess_accounts() { + image_create_groups(d) + image_create_users(d) }