From patchwork Wed May 11 05:13:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 1790 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3) with LMTPA; Wed, 11 May 2022 15:13:49 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f189.google.com (mail-lj1-f189.google.com [209.85.208.189]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPS id 24BDDki8013824 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 11 May 2022 15:13:47 +0200 Received: by mail-lj1-f189.google.com with SMTP id f10-20020a2e9e8a000000b00250925fec6asf708971ljk.20 for ; Wed, 11 May 2022 06:13:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1652274821; cv=pass; d=google.com; s=arc-20160816; b=UCliCvLDc8ctuTyKwgFAQT8KwupwTimVvZXZt3MjZE1EzXcq0/MdwGZ3JY3efQQuPb kcAzxGnX/8LzpkGf7P/gt4qyv+5UlYLKuFe7LlqEOIE5NSYgJV6/uPsPlU6nEKDAwTx4 rHXIquHOnip3B8vCMZ1Tf651F2PdDEsOjndMs04wiL8pjtFm/ifIKBW9wGLuUOrN9quR 7MKRzMBr+LZ7A5yJitV9UD30VsLOXi2XOIuH4lfmXnYwjdDaBPUvL02jylmLUIIYgtQV 5qxLJtHzJmam1glhDRpBPDEJcqVhHnWa/GMD/beMS7lBkS7ES/VeeY6e6d2ZvGM4grOZ Ei/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:feedback-id:mime-version:references :in-reply-to:message-id:date:subject:to:from:sender:dkim-signature; bh=09rjB/bH01kR0mxUDFZ5Be73s4gH2KjAMYPKCVA9tM8=; b=KeJFIA/L7W9w4TrDG7vF1nAn2i9lm/HnXG3tqIW1+gzsgcNLUfB3hFWseaTOcFif1S Qd+bDsblDMG4ZxYaDJqxabme458yXKituj20qSJG+sX1WA/2TyrtjbaExtp67VQcvKcO nELdnzLQnzdQ3LLvuph2xaSJM3apWCLXlHeD2pKPBF+sNq8+Jtm7k9RyeHtHFlrsJg5U DsR1a6CaY3mAiHf36xJ9NYPk7kZSHI6ku4ltZynBOD4/R55jxdfSdp4MRyHWDlA0sbTg 5p6dzpipOLtXvflpMsLRZRWC1x2lcxyqedTusbwFt8gVSteARm10Kn1Dz3kF3XZxBw3G 5kaw== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=hrIgud41; spf=pass (google.com: domain of fm-51332-202205111313399ca9876ccdd48f2ee3-oymbi9@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-202205111313399ca9876ccdd48f2ee3-oyMBI9@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20210112; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-subscribe:list-unsubscribe; bh=09rjB/bH01kR0mxUDFZ5Be73s4gH2KjAMYPKCVA9tM8=; b=tJ4+cZS1dWGiznDzfSYetiFyHDOXSngKKVHhP/24o/YwvyikVOk7nSljMq/aASMLFb yP3bq822uQtSwgVcqRxFDHAzXGKOhxjRsvRz0lilqNbqzbmnatqME10e1gfTnMd5K3Eh RC9oDHJ28mNsfKw7lIv1jOQxqYylzpgAlURt7cHYhXJxEWUhG9PId1Ype8hwad4nEWUj g3rBE7dumnAneIADPGN2itQdZMP9mTZXEkg9/Fq7LrE843YAwSC7LJ1I19C5duLU9m/i 06jfljYjC6FFXesIgkO52nLWldvDu6CQMRyCcMBQgBRsKjsejcC8QU9KiQdQwmz5xThK EgPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=sender:x-gm-message-state:from:to:subject:date:message-id :in-reply-to:references:mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=09rjB/bH01kR0mxUDFZ5Be73s4gH2KjAMYPKCVA9tM8=; b=q3cJ59AE3GFV73D8/TsRVLUYaE3ZuG67aT8IegWtkwQkm+5Ad2aSN6XK2qhXK3LyU2 2bCk6xHoNEhZaUbkB5m5WctRuaGDq+P0pVX6Ljuk0D95VphP9XWycRMkxuIilpHnhnxN 4uNuJTGDqHIPenyC9b/Vje0GEjzUMYqhUxm0ovIcgwIZe5mpRTVzxZ2tOu1c7gplfX8q +s6kngCFC3Gf4WhzroDsadbdPveczjoBk8erNjAdzCzI4bsqJ2wg2ob5Uasi2qqbkY3s ceemR9qWRWIUjDZ4zhKyzCW8KwkaCfi2Aez04f013YT/5ajEsJ0IfIsWbC4jFzDaQaev aacQ== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM532n/8CIAt+KRcm3coMl46qoPuBNYyN/bIovmb1dXOmfTdiu2fAw Pd49etxYVR3uFvr5OTTItJk= X-Google-Smtp-Source: ABdhPJxYurXmaW3cTZVw2RJVIh1j/Ya58ByqDUD3QAbb+aKJYuz3QL+ajiSBhJ17SLT6LgPeXvG9bg== X-Received: by 2002:a05:6512:3d01:b0:472:6386:9e73 with SMTP id d1-20020a0565123d0100b0047263869e73mr20416819lfv.486.1652274821139; Wed, 11 May 2022 06:13:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:ac2:4c49:0:b0:472:627f:9c3c with SMTP id o9-20020ac24c49000000b00472627f9c3cls26739lfk.3.gmail; Wed, 11 May 2022 06:13:40 -0700 (PDT) X-Received: by 2002:a19:e01e:0:b0:473:c404:230c with SMTP id x30-20020a19e01e000000b00473c404230cmr19459114lfg.194.1652274820041; Wed, 11 May 2022 06:13:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652274820; cv=none; d=google.com; s=arc-20160816; b=oOtOsboav6pOwNg8McMn5xNP+iSkZzK2uIIis6OUMeGBpK+5Bhhlgu+a5F/xqhqZFU 3Nkc+zw42PrXTWJ8Ra5hvgOB3paxUZ1w5TTUufY7frz3cMhqX/QbDlrF1ZyvtSGf2r5d OEpsyEYlordS86DMmn3dy2UkNbW701KAq2R4ji/WSd0+df3PkowIO8JLeqHmtIH5JuCO oS4cChwU2SxwOxGbNPnQc9vqinypfHxrLxBLezyqS/Ikoht79Qqnp8Bquy5YriiDWvdz MNNNnoDBTmO7C4PhB5b0V5r3w7acZsY1xAFDgiprq6LBDXEnjCGoTseDyoh4fCo+4UwD k2sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=Dx4mUaf8Z4E9JZEMxZTXoVApkp28xcVE9CaqiR3IRtM=; b=ROAh/UcEiSPW/wFWVDY6lapKPRhYhJqxlwwugZsEUFvujUaISHVNR5gIrHYEfZGd8u oSDcTlW6lkeE5iGrl3Ufe5idTxE6SU61NuTz068pnLRiPqawjpgeNaFEaYB8obVrVILV jM+hy+XuyLjJOzSfTeSvo5YA+pxK5IzwF058SgiwS1ZI349+g6c3TBqpmbaJLJcM1urW l3n9G0AExogB2lkCVzoLhzR0hyyvDBVLc8GS8rw1GWt5u57DzfG673wdwO2xaPFOAGqZ J4Qb+DL0JDV/rikIm8Qy9cVpC4IflxVwbs8ZFbtu9VVHjPaHGr5ZYydb+LswemTZl+Hj vMdA== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=hrIgud41; spf=pass (google.com: domain of fm-51332-202205111313399ca9876ccdd48f2ee3-oymbi9@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-202205111313399ca9876ccdd48f2ee3-oyMBI9@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net. [185.136.64.227]) by gmr-mx.google.com with ESMTPS id c5-20020a2e9d85000000b002499fdca3e4si143591ljj.3.2022.05.11.06.13.39 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 May 2022 06:13:40 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-202205111313399ca9876ccdd48f2ee3-oymbi9@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) client-ip=185.136.64.227; Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 202205111313399ca9876ccdd48f2ee3 for ; Wed, 11 May 2022 15:13:39 +0200 From: Quirin Gylstorff To: jan.kiszka@siemens.com, isar-users@googlegroups.com Subject: [PATCH 1/2] classes/image-account-extension:Move account configuration to post-process Date: Wed, 11 May 2022 15:13:37 +0200 Message-Id: <20220511131338.450234-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20220511131338.450234-1-Quirin.Gylstorff@siemens.com> References: <20220511131338.450234-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-Original-Sender: quirin.gylstorff@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=hrIgud41; spf=pass (google.com: domain of fm-51332-202205111313399ca9876ccdd48f2ee3-oymbi9@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-202205111313399ca9876ccdd48f2ee3-oyMBI9@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: INBOX From: Quirin Gylstorff If the root account is deactivate during rootfs configuration , e.g. by setting 'USER_root[expire]="01-01-1970"', the following error occurs if a packages tries to create/modifies a user account. ``` Setting up systemd (247.3-7) ... Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service. Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target. Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service. Initializing machine ID from random generator. Your account has expired; please contact your system administrator. chfn: PAM: Authentication failure adduser: `/bin/chfn -f systemd Network Management systemd-network' returned error code 1. Exiting. dpkg: error processing package systemd (--configure): installed systemd package post-installation script subprocess returned error exit status 1 Setting up dmsetup (2:1.02.175-2.1) ... Errors were encountered while processing: systemd E: Sub-process /usr/bin/dpkg returned an error code (1) WARNING: exit code 100 from a shell command. ``` This move also allows /etc/skel modification to be applicable to all users. Signed-off-by: Quirin Gylstorff --- meta/classes/image-account-extension.bbclass | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index c9bebe85..caa962a0 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -58,8 +58,7 @@ IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'f do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts" -image_configure_accounts[weight] = "3" +ROOTFS_POSTPROCESS_COMMAND += "image_configure_accounts" image_configure_accounts() { # Create groups # Add space to the end of the list: From patchwork Wed May 11 05:13:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 1788 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3) with LMTPA; Wed, 11 May 2022 15:13:48 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f190.google.com (mail-lj1-f190.google.com [209.85.208.190]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPS id 24BDDkau013825 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 11 May 2022 15:13:47 +0200 Received: by mail-lj1-f190.google.com with SMTP id f10-20020a2e9e8a000000b00250925fec6asf708973ljk.20 for ; Wed, 11 May 2022 06:13:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1652274821; cv=pass; d=google.com; s=arc-20160816; b=XiLwssn05jSBKamVGrj2FDF8V6N0vtO1pPBp1JR/IR4OWbPFpvZkiyLO/k8hhOR9ae mA8bBCerPJvNsQOEpwLzArUSDHvgbi5OsADwfLNc87xw9rA4pba7QJFScgI4JJlE694X mK2yRdSwjUlKhFp02FgEUMzStByPvGuKsH9EKSLlxz2qfhQFvIsZE7jnd2FbbYcpn+jE Ps9PPwg+ckzOGts4RXZc9o6QLNr5FO6SU8/C1K+ywVKuNStA3uN0jB6+wviunSs5OXEY tdD5Bl4ajitwSHZ3ZEUzTGIlfUc0AxEO4daNpN2m/ST5x+u+QlHP3+b3XVZ+dS3g8rrO EBvw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:feedback-id:mime-version:references :in-reply-to:message-id:date:subject:to:from:sender:dkim-signature; bh=+7QjfkVGUdLhrC/Tuh0HMmDixUyBiTDnkjwzwXF014E=; b=CQOcb2C4ceANi5rhb64L14ZaYhqCeT5czkHVoZGjhIqT8YxE/XDlEKnk4NIWyI+m3H MpSocweVNK+WRe10vGIDROE/MQA3r219qaytrSO4TrP108+Lw3q8J+MmqC/WwFSNiUyC P+QYDtXGikfUUKaNPIBU+ZoQEr7VWSVMbFY/KftML5mDN8CTnez6uAan8tANcNnlU9yj hv+kVk2luaCzJ2Ms+AN2SZBdhb7+hzGjN2o7EL55a1tZyzDr/p2OZE3uDp8rnsa4VOVy HpJLzbKLFUtvSgYP8dQTQbmfvjrJmNaYmk0BwTLqRgutGiyyUwWeBdUoJTqGZVbtpHh2 NX3w== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=cKprfdgj; spf=pass (google.com: domain of fm-51332-20220511131339ba4790c7f86687f51b-uy6n7g@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-20220511131339ba4790c7f86687f51b-UY6n7g@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20210112; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-subscribe:list-unsubscribe; bh=+7QjfkVGUdLhrC/Tuh0HMmDixUyBiTDnkjwzwXF014E=; b=BpIoyIHmjjYfN3TSXU/o04gYxdyYupZQlrGJjqlgsJ7nhBgAp2IQ//Aj/gpy8A01fL JMep3lBjqgFb5FnrMVX5i3g+3NKJskX9qYi0YrFwV4pBYrEy+RUIqTrGnibr80EldsTM uMig1aV0dK8EE9LvQhylS0z6JIzrhI1/1fCIQKMZiicJd8foe3bvZ+Ij+33P6mUqM5B6 DKtTESdqfW2K3O1bn7Y/UfHDYIgxcOFZSzjnedwa7Y9TeHrsVM2vQd/DlBNMZm3z5R1B YwmlvAQ16b3ifO1Xl+fSbcY5z0VnSygSIdCAZEjUeleFx/3B30qYgYsxAIQkfVc8Sxmn JLYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=sender:x-gm-message-state:from:to:subject:date:message-id :in-reply-to:references:mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=+7QjfkVGUdLhrC/Tuh0HMmDixUyBiTDnkjwzwXF014E=; b=3Pz6vXwlRqFmXBPTcIO8b1OKe8f0O5qpH4Ok7vgqCMGHOzihcy/RNDvoaaU/GLWvRz uAU+QWUh57+wR6DXCuSrBLm58KF2Q6FhqRzmjLUM5eO6XhNTTp6H639XcPFDUNXO+DH9 BsxBi59w9Zu5gqWw5jaxZKa4TVGNWirnmSh16nJWztHQWYZYVqYwPgYt8Grg4+IS7zfJ 1A+PlXl8bG9oZ1y5HSQ6b543sdh+UULgrfCGSe6tZh2YIFYUnn5EVxHOff3olizbDZjN nTp+OsiFQUlug3lUw0PRMIBrmZEK+uy0pFWCrwU9xb/hGHFRglu94W7s6IV0N9wYRb/E 0X9Q== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM532zpbRRr0YGW7u9pyHGPblt2fgq2KzWMabyi1pMGuGc8ZzLOIjv wMnwm09f5GatDr/AAbsnIxA= X-Google-Smtp-Source: ABdhPJyfkUgbD1XVCnB0KTwiLy+h39+ccqYXHcWuyktV/1r1YOSO8IYhU8DoB+ynGP0IM5tmXM9keQ== X-Received: by 2002:a05:651c:1781:b0:247:daa7:4358 with SMTP id bn1-20020a05651c178100b00247daa74358mr16764278ljb.477.1652274821426; Wed, 11 May 2022 06:13:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6512:3f16:b0:449:f5bf:6f6a with SMTP id y22-20020a0565123f1600b00449f5bf6f6als1560231lfa.2.gmail; Wed, 11 May 2022 06:13:40 -0700 (PDT) X-Received: by 2002:ac2:44a7:0:b0:472:19b6:1f08 with SMTP id c7-20020ac244a7000000b0047219b61f08mr19945350lfm.266.1652274820396; Wed, 11 May 2022 06:13:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652274820; cv=none; d=google.com; s=arc-20160816; b=UJlVIpvIu1t0A+rt5ksF8z6wWPkAD4kG/VD07RvwVuGPLrTdsv9xIOIZKjTS5R7FSo OUAzDLTbNvUBexmT0nwxXnW6Z69HtyzLXL+R3QggWDVuEronQtbOWLCxwonhf1hlz5Sp nE3rymP2VzmAruLB76+IQ7ZKUGxNLL6zoKpzi6Qm2fV1Kko72gNaWkVtN1XKET19/RJG WcDQwZf60tEy5rWA8+fU0IRN1ZGOFF6+h/Zxaam0ftuWA9L70BpmEBZOa5g33JzCZ+35 00HBRnrrpkC+6sRvzPnJ63fg02ATySq9V7H43Raw5IlzHS+/4kdxImatOFzNnPeiaZ74 X/uQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=cg/Hs5IIzDV2EvrCGXSKu6n0TNyK7eQ4Y2nqYLJ4anA=; b=UoLe1AtqRCghrnsdNBLeh/RJZPt934AA7cMM5fWVjqha4yevU1p0O2hCWeFX57MZWr rsmlofi8YuilXol0wSsjo8CpU6hcp+krtwXB+MMlR8di7Fe97NResHOPrF8k05nwRKQe 6lWUW/N0AuFhpkJ93pkHpz08yJ14/Rrr9F71Dniy+kyRXXIrK+vj4gU/3WuAFZaWqh6t R5ClTuwSH1j94kecL3lhrtV6hxnzWZ+PHx1mpkCBbvRQcB4xuzCfCBzUEzpSNM4oq44i M/wJY+d50LQMHy0yWn5VvQDwTe4faHzT2sgvHV7BCo3sTyaT9NtPEJ7/btRywIQXK9bg FvYA== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=cKprfdgj; spf=pass (google.com: domain of fm-51332-20220511131339ba4790c7f86687f51b-uy6n7g@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-20220511131339ba4790c7f86687f51b-UY6n7g@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net. [185.136.64.227]) by gmr-mx.google.com with ESMTPS id g3-20020a056512118300b004725fee5ddfsi106683lfr.9.2022.05.11.06.13.40 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 May 2022 06:13:40 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-20220511131339ba4790c7f86687f51b-uy6n7g@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) client-ip=185.136.64.227; Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 20220511131339ba4790c7f86687f51b for ; Wed, 11 May 2022 15:13:39 +0200 From: Quirin Gylstorff To: jan.kiszka@siemens.com, isar-users@googlegroups.com Subject: [PATCH 2/2] classes/image-account-extension: Add flag to force password change on first login Date: Wed, 11 May 2022 15:13:38 +0200 Message-Id: <20220511131338.450234-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20220511131338.450234-1-Quirin.Gylstorff@siemens.com> References: <20220511131338.450234-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-Original-Sender: quirin.gylstorff@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=cKprfdgj; spf=pass (google.com: domain of fm-51332-20220511131339ba4790c7f86687f51b-uy6n7g@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-20220511131339ba4790c7f86687f51b-UY6n7g@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: INBOX From: Quirin Gylstorff This avoids possible errors if `passwd --expire root` is set during package installation. This flag is necesssary as ``` USER_root[expire] = "1970-01-01" ``` disables the root account and displays the message: If the user tries to login the following message is displayed: ``` Your account has expired; please contact your system administrator. Authentication failure ``` Signed-off-by: Quirin Gylstorff --- doc/user_manual.md | 1 + meta/classes/image-account-extension.bbclass | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/user_manual.md b/doc/user_manual.md index cdb73224..02874b6d 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -678,6 +678,7 @@ The `USERS` and `USER_` variable works similar to the `GROUPS` and `GR - `system` - `useradd` will be called with `--system`. - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. + - `force-passwd-change` - Force the user to change to password on first login. #### Home directory contents prefilling diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index caa962a0..99de8b0d 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@ USERS ??= "" #USER_root[home] = "/home/root" #USER_root[shell] = "/bin/sh" #USER_root[groups] = "audio video" -#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password" +#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change" GROUPS ??= "" @@ -258,5 +258,10 @@ image_configure_accounts() { printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ /usr/sbin/chpasswd $chpasswd_args fi + if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then + echo "Execute passwd to force password change on first boot for \"$name\"" + sudo -E chroot '${ROOTFSDIR}' \ + /usr/bin/passwd --expire "$name" + fi done }