From patchwork Thu May 21 16:21:46 2026
X-Patchwork-Submitter: Cedric Hombourger
X-Patchwork-Id: 5083
From: Cedric Hombourger
To: isar-users@googlegroups.com
Cc: Cedric Hombourger
Subject: [PATCH] image-account-extension: configure adduser UID/GID pools
Date: Thu, 21 May 2026 18:21:46 +0200
Message-ID: <20260521162215.1348898-1-cedric.hombourger@siemens.com>

For users and groups with an explicit uid/gid set, generate adduser pool files so that maintainer scripts calling adduser/addgroup during package installation will reserve the expected IDs. A new 'reserve-only' flag allows entries to exist solely for pool reservation without being explicitly created during image postprocessing.

Work-around: /etc/adduser.conf is pre-created with UID_POOL/GID_POOL directives and --force-confold is passed to dpkg so that our version is kept when the adduser package is installed. This is needed because adduser does not support loading configuration fragments from a .d directory or from environment variables. We want to discuss this! Do we want to create images from a template richer than bootstrap so adduser could be pre-installed and possibly its configuration already patched to use UID_POOL / GID_POOL? Signed-off-by: Cedric Hombourger --- doc/user_manual.md | 44 +++++-- .../image-account-extension.bbclass | 113 +++++++++++++++++- 2 files changed, 145 insertions(+), 12 deletions(-) diff --git a/doc/user_manual.md b/doc/user_manual.md index 69e8dfef..3bd2e767 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -737,7 +737,8 @@ The `GROUP_` variable contains the settings of a group named `groupna - `gid` - The numeric group id. - `flags` - A list of additional flags of the group. Those are the currently recognized flags: - - `system` - The group is created using the `--system` parameter. + - `system` - The group is created using the `--system` parameter. + - `reserve-only` - The group is not explicitly created during image postprocessing. Instead, its `gid` is reserved in the adduser GID pool so that packages creating this group via maintainer scripts will use the specified ID. The `USERS` and `USER:` variable works similar to the `GROUPS` and `GROUP:` variable. The difference are the accepted flags of the `USER:` variable. It accepts the following flags: 
@@ -750,13 +751,14 @@ The `USERS` and `USER:` variable works similar to the `GROUPS` and `GR - `home` - This changes the default home directory of the user with `usermod --move-home`. Only takes effect when used together with the `create-home` flag. - `shell` - This users login shell - `groups` - A space separated list of groups this user is a member of. - - `flags` - A list of additional flags of the user: - - `no-create-home` - `useradd` will be called with `-M` to prevent creation of the users home directory. - - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory. - - `system` - `useradd` will be called with `--system`. - - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. - - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. - - `force-passwd-change` - Force the user to change to password on first login. + - `flags` - A list of additional flags of the user: + - `no-create-home` - `useradd` will be called with `-M` to prevent creation of the users home directory. + - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory. + - `system` - `useradd` will be called with `--system`. + - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. + - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. + - `force-passwd-change` - Force the user to change to password on first login. + - `reserve-only` - The user is not explicitly created during image postprocessing. Instead, its `uid` is reserved in the adduser UID pool so that packages creating this user via maintainer scripts will use the specified ID. #### Example 
@@ -779,6 +781,32 @@ USER_root[flags] = "create-home system force-passwd-change" Some examples can be also found in `meta-isar/conf/local.conf.sample`. +#### UID/GID pool reservation + +When a user or group entry has an explicit `uid` or `gid` set, it is added to +the adduser UID/GID pool. This ensures that packages creating users or groups +via their maintainer scripts (e.g. `adduser` or `addgroup`) will allocate the +specified IDs. Combined with the `reserve-only` flag, this allows reserving IDs +without explicitly creating the accounts: + +``` +USERS += "tss" +USER_tss[uid] = "666" +USER_tss[flags] = "reserve-only" + +GROUPS += "tss" +GROUP_tss[gid] = "666" +GROUP_tss[flags] = "reserve-only" + +GROUPS += "docker" +GROUP_docker[gid] = "1234" +GROUP_docker[flags] = "reserve-only" +``` + +In this example, when `tpm2-abrmd` or `docker.io` are installed, their +maintainer scripts will create the `tss` and `docker` accounts using the +reserved IDs rather than dynamically allocated ones. + #### Home directory contents prefilling To cover all users simply use `/etc/skel`. Files in there will be available in every home directory under correct permissions. diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass index e874f3c7..7dfcd8e0 100644 --- a/meta/classes-recipe/image-account-extension.bbclass +++ b/meta/classes-recipe/image-account-extension.bbclass 
@@ -14,16 +14,18 @@ python() { for entry in (d.getVar("GROUPS") or "").split(): group_entry = "GROUP_{}".format(entry) d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(group_entry)) + d.appendVarFlag("image_configure_adduser_pools", "vardeps", " {}".format(group_entry)) d.appendVarFlag("do_rootfs_install", "vardeps", " {}".format(group_entry)) for entry in (d.getVar("USERS") or "").split(): user_entry = "USER_{}".format(entry) d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(user_entry)) + d.appendVarFlag("image_configure_adduser_pools", "vardeps", " {}".format(user_entry)) d.appendVarFlag("do_rootfs_install", "vardeps", " {}".format(user_entry)) } do_rootfs_install[vardeps] += "GROUPS USERS" -def image_create_groups(d: "DataSmart") -> None: +def image_create_groups(d): """Creates the groups defined in the ``GROUPS`` bitbake variable. Args: @@ -40,6 +42,10 @@ def image_create_groups(d: "DataSmart") -> None: args = [] group_entry = "GROUP_{}".format(entry) + flags = (d.getVarFlag(group_entry, "flags") or "").split() + if "reserve-only" in flags: + continue + with open("{}/etc/group".format(rootfsdir), "r") as group_file: exists = any(line.startswith("{}:".format(entry)) for line in group_file) @@ -59,7 +65,7 @@ def image_create_groups(d: "DataSmart") -> None: bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) -def image_create_users(d: "DataSmart") -> None: +def image_create_users(d): """Creates the users defined in the ``USERS`` bitbake variable. Args: @@ -78,6 +84,10 @@ def image_create_users(d: "DataSmart") -> None: args = [] user_entry = "USER_{}".format(entry) + flags = (d.getVarFlag(user_entry, "flags") or "").split() + if "reserve-only" in flags: + continue + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) 
@@ -99,8 +109,6 @@ def image_create_users(d: "DataSmart") -> None: args.append("--groups") args.append(','.join(groups)) - flags = (d.getVarFlag(user_entry, "flags") or "").split() - if exists: add_user_option("--home", "home") if d.getVarFlag(user_entry, "home") or "": 
@@ -143,6 +151,103 @@ def image_create_users(d: "DataSmart") -> None: bb.process.run([*chroot, "/usr/bin/passwd", "--expire", entry]) +def configure_adduser_pools(d): + """Configures adduser UID/GID pools for users and groups with explicit IDs. + + Creates pool files and a minimal /etc/adduser.conf with UID_POOL/GID_POOL + directives before package installation. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import os + import tempfile + + rootfsdir = d.getVar("ROOTFSDIR") + adduser_conf = "{}/etc/adduser.conf".format(rootfsdir) + uid_pool_path = "/etc/adduser-uid.pool" + gid_pool_path = "/etc/adduser-gid.pool" + + uid_pool_entries = [] + seen_users = set() + for entry in (d.getVar("USERS") or "").split(): + if entry in seen_users: + continue + seen_users.add(entry) + user_entry = "USER_{}".format(entry) + uid = d.getVarFlag(user_entry, "uid") or "" + if uid: + uid_pool_entries.append("{}:{}".format(entry, uid)) + + gid_pool_entries = [] + seen_groups = set() + for entry in (d.getVar("GROUPS") or "").split(): + if entry in seen_groups: + continue + seen_groups.add(entry) + group_entry = "GROUP_{}".format(entry) + gid = d.getVarFlag(group_entry, "gid") or "" + if gid: + gid_pool_entries.append("{}:{}".format(entry, gid)) + + if not uid_pool_entries and not gid_pool_entries: + return + + if uid_pool_entries: + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: + f.write("\n".join(uid_pool_entries) + "\n") + tmp = f.name + bb.process.run( + ["sudo", "cp", tmp, "{}{}".format(rootfsdir, uid_pool_path)]) + bb.process.run( + ["sudo", "chmod", "644", "{}{}".format(rootfsdir, uid_pool_path)]) + os.unlink(tmp) + + if gid_pool_entries: + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: + f.write("\n".join(gid_pool_entries) + "\n") + tmp = f.name + bb.process.run( + ["sudo", "cp", tmp, "{}{}".format(rootfsdir, gid_pool_path)]) + bb.process.run( + ["sudo", "chmod", "644", "{}{}".format(rootfsdir, gid_pool_path)]) + 
os.unlink(tmp) + + # Create /etc/adduser.conf with the upstream default content plus pool + # directives. We use --force-confold during package installation so that + # dpkg keeps this version when the adduser package is installed. + conf_lines = [] + conf_lines.append("# /etc/adduser.conf: `adduser' configuration.") + conf_lines.append("# See adduser(8) and adduser.conf(5) for full documentation.") + conf_lines.append("") + if uid_pool_entries: + conf_lines.append("UID_POOL={}".format(uid_pool_path)) + if gid_pool_entries: + conf_lines.append("GID_POOL={}".format(gid_pool_path)) + + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: + f.write("\n".join(conf_lines) + "\n") + tmp = f.name + bb.process.run(["sudo", "cp", tmp, adduser_conf]) + bb.process.run(["sudo", "chmod", "644", adduser_conf]) + os.unlink(tmp) + + +# Work-around: pre-create /etc/adduser.conf with pool directives and use +# --force-confold so dpkg keeps our version when the adduser package is +# installed. This is needed because adduser does not support loading +# configuration from /etc/adduser.conf.d/ or from environment variables. +ROOTFS_APT_ARGS += "-o DPkg::Options::=--force-confold" + +ROOTFS_CONFIGURE_COMMAND += "image_configure_adduser_pools" +image_configure_adduser_pools[vardeps] += "USERS GROUPS" +python image_configure_adduser_pools() { + configure_adduser_pools(d) +} + ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" image_postprocess_accounts[vardeps] += "USERS GROUPS" python image_postprocess_accounts() {
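
Review bot: In doc/user_manual.md, hunk -750,13, the seven existing user flag entries (`no-create-home` through `force-passwd-change`) are removed and re-added with identical text, so the only change to them appears to be indentation; the same goes for the `system` line in the -737,7 hunk. Please drop the re-indentation or send it as a separate cleanup patch so that the functional change here is just the two new `reserve-only` lines.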
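
Review bot: In doc/user_manual.md, hunk -779,6, the new "UID/GID pool reservation" section does not mention the two side effects the class now has: `/etc/adduser.conf` is written by the build before package installation, and `--force-confold` is passed to dpkg for the rootfs install. Both change what ends up in the image beyond the accounts themselves and belong in this section. It should also say that `reserve-only` needs `uid` (or `gid`) to be set, since the pool is only populated for entries that have one.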
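
Review bot: In image-account-extension.bbclass, at the end of hunk -14,16, `def image_create_groups(d: "DataSmart") -> None:` becomes `def image_create_groups(d):` (and hunk -59,7 does the same to `image_create_users`). Removing the annotations is unrelated to pool configuration and is not mentioned in the commit message; either keep them or explain the reason in the message. The new `configure_adduser_pools(d)` should then follow whichever style is kept.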
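
Review bot: In hunk -40,6, a group flagged `reserve-only` is skipped with `continue` regardless of whether `gid` is set, while `configure_adduser_pools()` only writes a pool entry `if gid:`. A `reserve-only` entry without a `gid` therefore does nothing and nobody is told. Suggest a `bb.fatal()` (or at least `bb.warn()`) when `reserve-only` is present and the id is missing; the same check is needed for `uid` in the users hunk.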
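
Review bot: In hunk -78,6, the `continue` for `reserve-only` comes before any other setting of the user is read, so `password`, `groups`, `home`, `shell` and the remaining flags on the same `USER_` entry are ignored without notice. Since an image author might expect, for example, `groups` to still be applied once the package has created the account, warn when a `reserve-only` entry carries settings that will not be used, and state this in the manual.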
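
Review bot: In hunk -143,6, `ROOTFS_APT_ARGS += "-o DPkg::Options::=--force-confold"` sits at class level, so it applies to every image that inherits this class, including those where `configure_adduser_pools()` returns early because no `uid`/`gid` is set, and it changes conffile handling for every package installed, not only adduser. Consider appending the option only when pool entries exist. The comment above `conf_lines` says the file carries "the upstream default content plus pool directives", but only two comment lines and the `UID_POOL`/`GID_POOL` lines are written; either include the defaults or correct the comment to match the docstring's "minimal". The `sudo cp tmp adduser_conf` step overwrites the target with no check for an existing file. The `uid` and `gid` flag values are formatted into the pool lines unvalidated; reject values that are not purely numeric before writing them. Finally, the three tempfile/cp/chmod/unlink sequences differ only in payload and destination, and leave the temporary file behind if `bb.process.run` raises; a small helper using try/finally would fix both.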