From patchwork Thu May 12 04:04:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 1797 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3) with LMTPA; Thu, 12 May 2022 14:04:42 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-wr1-f60.google.com (mail-wr1-f60.google.com [209.85.221.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPS id 24CC4gb1018011 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 12 May 2022 14:04:42 +0200 Received: by mail-wr1-f60.google.com with SMTP id o11-20020adfca0b000000b0020adc114131sf1987305wrh.8 for ; Thu, 12 May 2022 05:04:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1652357077; cv=pass; d=google.com; s=arc-20160816; b=j22EaZ3r6FVGWbfvStDhFGdMbhY0IRcMSunFGKv76nmMIWYjGsvTLK0JrUnV4gDfQs OxN8M0MVVH2YSPz+RBDBQTL9SXyD2WB+Fw7RmRuKDxH8ctFVBGuNAiZL5qb4XcJXrNNa L7iN/lcR5ELrGQFH7BeaSb1i7ouOGJwm8hE3ui5JwQt4Jhjo7seDwjLV4G45XiEIP/Ak WKq8Giw0lcZ8r4xgJIMr+EicBfymstNSvM5jK/Vmq2lbiVOTdGmni49wX5UojV7zMRam i9Z7+Wc3DgDJ/kIOT099yiUXZLa7FCQElYfpZkkJsndxADwNAS6/qyRreyJwYv+ZtxAj teaQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:feedback-id:mime-version:references :in-reply-to:message-id:date:subject:to:from:sender:dkim-signature; bh=l8vaNvJJUcIeClN8p7fQ6VHZUjcL+hxUpJRRMZxeRYo=; b=N9yQoT0WZpapsaLvvVMZqcy5e1TTVZ7kYaWBYx4tDbOarFG7rtUIn5En4l3v/bCHVG iCWIBofcUhaPxBmdjo4Q1e0Q9LvzxwdkN/1SzNr7vi25cpsJcTm+Wm85DI53CZKa0tL7 i8pEi/7vJ5pMdSi+tJ2qp4kuNducd6TezPPvFNdmjiivZN7CtFA2atb36c5CbV9uLIYs f+82KyhAHQjT5fHOnZ4SJ61jsHEFXDTgtNmMgRimWk/UYNwGKiRy6K0eErrXwC8s9XyP pWv33D5epYied2BFGC483eH1wdmBNqcIsK0ArZcwVS6nFuz4w6jp10fGVE64ge7CcuDO k9xA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=K8N9apDZ; spf=pass (google.com: domain of fm-51332-20220512120435e4bff55ce5190ceab6-exsk0h@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-51332-20220512120435e4bff55ce5190ceab6-EXSk0h@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20210112; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-subscribe:list-unsubscribe; bh=l8vaNvJJUcIeClN8p7fQ6VHZUjcL+hxUpJRRMZxeRYo=; b=lcb4QvTVCQ5rX2ehI3NRzCZ8Q6vKeLarEcqhtDUNMfFxGGi75uZId8VqtyOcX9bE+Y H6Y69VUovOsNxYfDZKb4YRHW5GaqGHvkJQ34Mz5weuUv7nnjkqbdEzXLtHRHuU/hJ261 vQRp1HGQ51yKuOy3VqTudrg4JZJEX2JyKgTdvcwCV+d3nP7tWRT/AAK9aWlEHrEYSlyY HzSj4+ZGmHm9pwzIoxlhykiqBZZnmPiU5x45xZT4hApJyZUNh76Xr/QQ8P6qYEf8kohi KGUxTpW2P5Qgv5eJ2qDTyCp+7HdUFgqCxiOlwizyZKOAxrb/BdYHeRYNoCYVWOF5Zc2H OPQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=sender:x-gm-message-state:from:to:subject:date:message-id :in-reply-to:references:mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=l8vaNvJJUcIeClN8p7fQ6VHZUjcL+hxUpJRRMZxeRYo=; b=NiYaQ8B647A1M/FLuR5Uto94zOiEleBS0eqaqbIqMVxId/DVIouUXPgWA7oiGeMMqe YCt5aT16I3jEjnr2DSiSGiGbHL7NZAiyVwa81ZMMP667ArcB1vRgv8AM1gy6CC4N3DrV 0W9z2KjArZlfOWZyZq7TaGSprj6OuWaEXfxOMjM9BOOo9GTQ4LKFye5Bzv5v6Ciutztv VbIshfdeodZoE34ZufiN7y3B7RnJ4wYSSNDFrMHr4vQISC1T44TfUt9mTQHgFKfSEWTt O/4de9aP6Tny3EUtCW4IfyM+Lm/yMbnNHza+M6BuCM/Rojk51oceLUQ8QrRkCF1kfdvq 0cWw== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM530J0sBQDAASAr18BV+d78ZvF+VJZ1Xf6rtI4QNWlp8B+HhZ1yGm rHPecnByyVREklTEp8uk+b4= X-Google-Smtp-Source: ABdhPJyWb3MdRs97UudXY0TQE0t1WN08hSWlTymAEZ8HV6Kjyv3T9zZmzSONBez9k6EaQpPo0x+9sQ== X-Received: by 2002:a5d:680a:0:b0:20a:e5ed:9b5e with SMTP id w10-20020a5d680a000000b0020ae5ed9b5emr26718613wru.110.1652357076817; Thu, 12 May 2022 05:04:36 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:600c:500d:b0:394:77fc:d6b8 with SMTP id n13-20020a05600c500d00b0039477fcd6b8ls4410845wmr.1.canary-gmail; Thu, 12 May 2022 05:04:35 -0700 (PDT) X-Received: by 2002:a05:600c:2205:b0:394:193a:80ed with SMTP id z5-20020a05600c220500b00394193a80edmr9778903wml.191.1652357075835; Thu, 12 May 2022 05:04:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652357075; cv=none; d=google.com; s=arc-20160816; b=IPzv7Y7gMcyVfRmK3YETnePznHrvjmCLHqQH0qw1hYz4hVa8u+R548RVzzdxd4nkXB CJW+3PzKQpiBySPJlWFS5d4ijc02q59KTdNEiN5sjRjeH1DLBAQ2ZbrGgSXHZiWZwHW+ knY4KvBDtl9xUBvmVPLK3q2XeJMM+7Y+90e+in4hZNIOzpQwJYLVb7gSGhl5v+D90b63 PjlrX/zzROod7p/Cw8FtKPgiuhEsxQFIqSymkO/GY0p0lZWdIsl4FgMBgwnEKwFUGod/ 6MfLgFuL7V5BugUzK73ak819SH3vMIM/sjtjkio5uynj6x3XAKOlO2ZfzS8ysTqW0+GM cWaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=/td/+LuWDfwvHjl8D/+KbqBY+3sK2wU9yqwcvPZmdKc=; b=M7W0WDBVPdaBo/TvMcIA3upEyPwEwaBJW7h1kY+87rFp63oLzQ9sLceP8+iWpjzbV6 0LtIQLl0jfJ7wq6Ni7WaFxUXB0ietyiu+pCYVd1YECp6pJKhaSZmwdwHKOzho1RwfRzw Si+u0d+e0um8uIpo3tXW7HPKmNgX8efoIzk4h57DaTl1P/stCdqmNrkCgZpyWtNOMA2q gLVBsZSlw0R+iDae0v2gx587XvIffu402ojSxQ06riHV1Mf165dSvqDqiZt7rtkXoE1Z N7S44+G9zq696QsIHHJKy3/AS60FzKsFVowdkyu52ptJhmMz4Rm4nYRUA/KJLkVtGfu6 crkQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=K8N9apDZ; spf=pass (google.com: domain of fm-51332-20220512120435e4bff55ce5190ceab6-exsk0h@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-51332-20220512120435e4bff55ce5190ceab6-EXSk0h@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mta-65-227.siemens.flowmailer.net (mta-65-227.siemens.flowmailer.net. [185.136.65.227]) by gmr-mx.google.com with ESMTPS id h16-20020adffd50000000b0020c6d76cc7fsi212877wrs.7.2022.05.12.05.04.35 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 May 2022 05:04:35 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-20220512120435e4bff55ce5190ceab6-exsk0h@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) client-ip=185.136.65.227; Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id 20220512120435e4bff55ce5190ceab6 for ; Thu, 12 May 2022 14:04:35 +0200 From: Quirin Gylstorff To: jan.kiszka@siemens.com, isar-users@googlegroups.com, henning.schild@siemens.com Subject: [PATCH v2 1/2] classes/image-account-extension:Move account configuration to post-process Date: Thu, 12 May 2022 14:04:32 +0200 Message-Id: <20220512120433.695303-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20220512120433.695303-1-Quirin.Gylstorff@siemens.com> References: <20220512120433.695303-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-Original-Sender: quirin.gylstorff@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=K8N9apDZ; spf=pass (google.com: domain of fm-51332-20220512120435e4bff55ce5190ceab6-exsk0h@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-51332-20220512120435e4bff55ce5190ceab6-EXSk0h@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: INBOX From: Quirin Gylstorff If the root account is deactivate during rootfs configuration , e.g. by setting 'USER_root[expire]="01-01-1970"', the following error occurs if a packages tries to create/modifies a user account. ``` Setting up systemd (247.3-7) ... Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service. Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target. Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service. Initializing machine ID from random generator. Your account has expired; please contact your system administrator. chfn: PAM: Authentication failure adduser: `/bin/chfn -f systemd Network Management systemd-network' returned error code 1. Exiting. dpkg: error processing package systemd (--configure): installed systemd package post-installation script subprocess returned error exit status 1 Setting up dmsetup (2:1.02.175-2.1) ... Errors were encountered while processing: systemd E: Sub-process /usr/bin/dpkg returned an error code (1) WARNING: exit code 100 from a shell command. ``` This move also allows /etc/skel modification to be applicable to all users. Signed-off-by: Quirin Gylstorff --- RECIPE-API-CHANGELOG.md | 6 ++++++ meta/classes/image-account-extension.bbclass | 3 +-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index 5913dd27..8996e1b6 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -349,3 +349,9 @@ For a list of well-known Debian build profiles and common practices, we refer to It was replaced by WIC and no more needed. Machines that use `rpi-sdimg` image type should be modified to use `wic` type with `rpi-sdimg` wks file instead. + +### Handling of variables USERS and GROUPS is moved to image post processing + +The user and groups defined by the variables `USERS` and `GROUPS` +was moved from image configuration to image post processing. The users and +groups are now created after all packages are installed. diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index c9bebe85..caa962a0 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -58,8 +58,7 @@ IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'f do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts" -image_configure_accounts[weight] = "3" +ROOTFS_POSTPROCESS_COMMAND += "image_configure_accounts" image_configure_accounts() { # Create groups # Add space to the end of the list: From patchwork Thu May 12 04:04:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 1798 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3) with LMTPA; Thu, 12 May 2022 14:04:43 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-ed1-f55.google.com (mail-ed1-f55.google.com [209.85.208.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPS id 24CC4gpJ018014 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 12 May 2022 14:04:42 +0200 Received: by mail-ed1-f55.google.com with SMTP id k15-20020a508acf000000b0042a448a43cdsf115871edk.13 for ; Thu, 12 May 2022 05:04:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1652357077; cv=pass; d=google.com; s=arc-20160816; b=Sz0VVu5Y4AA7e4NfWfiFJSnfEmTVpDZi7aB79ozXj3OoztK0WeKVkENpfABVP6Kjnt /G6z00AX02pphB2Yeme5f8Xss4yRoej9mrQUFXMQH4Pppwfig1KxigW/wPINcF0XXQ07 s+trEFedAx0ZaE1Lb+nS+Bd8CZBeiS2buOIUtMb04gaKld1FjLXQy+zQ7UBRtjd1e8uQ 8+w+f8A4g6gFjInq01D7CWNQ2cnZk6rD14ftTvAs2tDueQhyAy6NRyCP+MbHXfw0Ph/r rUZUFc5lXS0Tf9mysZQMlsQhAua+iM/is+LXGJtW9bfeETL+OtJbeIAArZEy5gbDMxnU 9mdw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:feedback-id:mime-version:references :in-reply-to:message-id:date:subject:to:from:sender:dkim-signature; bh=6ZdQZpxERJr+voChYMmikiBjms6H7X1hYjusnRX8yl0=; b=hPTbbKmX8LcCsa/GSpgg49VYk7IlMbazvAfdUW3WQkuJDZfqi8ZtLrtRTSfmfdSLVV W2WJk8dE45Rbd0g23ZtLCvGy+5Te3UlS0l6VnX6lQH1P0TAVjS2i5Y7RDikTFhFxSYAB J2PP9BK3B9wN6z2C9ovNlkVDYVvO/21u2uSKtGFhTXEjF2ATNbWa4KOvjhKx+owcK7le +3zL9smwsRSheqMHTTHzAonS5H6pEPjUW8pGHFQKcxL/o0yxLMCgmBWHrwv6zFgU0D06 xHqziI1gZD/qSz/7Befm48NaU8GRP5aCcdSucxMwB14Rx2w8z2FPLrchR4sxOwT51yNe WU4g== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=bQ2D0xpj; spf=pass (google.com: domain of fm-51332-202205121204352154f9d795207f32ef-up7r4x@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-202205121204352154f9d795207f32ef-up7R4X@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20210112; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-subscribe:list-unsubscribe; bh=6ZdQZpxERJr+voChYMmikiBjms6H7X1hYjusnRX8yl0=; b=YQ5Kuc3vKlY20xYdmvOWAi4VOlUqb9Yjs3PZJ8tb8bdqcQrHhvyrna8rpzq5D/WmCI rG8jAEmS3Xa+wLL/QWGI5FeVbWXlS4GL4GoRbwAF717O5y53cO6gT6d61B75WvmjQnCo jkzDNuSJLy8EceIOOdMDHmv0fNvzKVd2pRdNVpktU3MB/lPR0zujVmLR5oZUUsQMhAat iAGzdvJtFMA+nZRaEDPeNqfS87/uTfeqb992K31lmV2osBM25yTgojgyVb0exwuoLc7f rRfyJ8qUxR9YD8ww4AMbDmOy8og9S/yXn2349tHg6yFbnvE6C7H0Z6jyAWJQiuoJBhRm +f+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=sender:x-gm-message-state:from:to:subject:date:message-id :in-reply-to:references:mime-version:feedback-id:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=6ZdQZpxERJr+voChYMmikiBjms6H7X1hYjusnRX8yl0=; b=R6cuSaM/uDe4P62AEPJ+c4VBe7Q/Lrco31RA4b+LAk2eurX9vH8rBg9i/uB6qr+Lq8 KvvLrQXz7hS7oYK6+DP0rq2WT539zoRBJLGLEyTucc7LbVNA7iyP8Y/nxifylIFXCCyJ VGGVTyaELDSfmbAJJzX9qjXA/xhtSCEzULgjl7JQhqf7tA2Zav5qk+oZ1ukdAy8d5lhF WjVbnPozvL4RUalZwTeo6eDQoNIwQ43m8NrsXGEUahkMIi3BBnv0jkBqR8zI7gorJet5 aB5rwRi+CzOPujKdXQPRSaCqRjNCApn7uajufTCaNAvRx5ygblFFUyVF0yxRXfbgw3o0 71Bw== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM530UEVbub2wWMpTnCbUmWIkDT0cyI16/0/VfUBhW3zFbXQZrkbTi 3XOceyoc1pwNwyFRJvwIHLk= X-Google-Smtp-Source: ABdhPJzT6VHkjwwtHVw77fKaFlCLchKQN3K816Kl2wEfL6jZWx4VmOAGrGezeaqboPTyUAFIYSzEtQ== X-Received: by 2002:a05:6402:1d90:b0:425:dd36:447c with SMTP id dk16-20020a0564021d9000b00425dd36447cmr34994795edb.347.1652357077422; Thu, 12 May 2022 05:04:37 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6402:270b:b0:427:d070:5bfe with SMTP id y11-20020a056402270b00b00427d0705bfels1572239edd.0.gmail; Thu, 12 May 2022 05:04:36 -0700 (PDT) X-Received: by 2002:aa7:c6da:0:b0:428:24bc:e652 with SMTP id b26-20020aa7c6da000000b0042824bce652mr34633171eds.21.1652357076475; Thu, 12 May 2022 05:04:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652357076; cv=none; d=google.com; s=arc-20160816; b=mmQLGtJVS/EjcgbreWmrk4GdlwSrL8mwd6QR0OMmDnLFj3XDFoOzWyKulsopFX+4lG u4aLjMRciDtji2wcxujyg794WEEP84+HUNKNrt1tx7yAgrcSGuTsb4V1oSnwpqpiIU1x mKtVYBkghK8lPuj+3/lZ4wDS34SJjauT8adNSPfHE5xd4ycf3+JjyEdHAsxIn9A7hTW3 GBOLHurDT2vTiSfNs1Z34XGvTZSbWpcHKANBbRGrUsPt8MG8SYcDthMi1pa/37PXgPVe BBswXI/u1iTgj0INoMzMZCejLVYx0v/l/A0YDpr60dteMm/e9/+2kZMerIoXlQ6ORFyh 9U4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=i+M/f7hTauGlqEqW2IVmSZL7wozMHJ0mC2bTYEQ9+Eo=; b=1Lj3+ggNrp+8fzBHahlc/JA4YRiW5MnmDdgdstPtlYKdUwSzqjeLgsoxWR2gKS3CB7 kQwGQC7WI8hv20TRCh2kvl1ZlYXE2giwPT+PrQiT9QVBQ85RRnkn1n7nIPZ9jv9O332c 69hlGfqL4QOadpv5Kp68vh4kLUUz37Nlodoai2OZtF07W6VUHXhQKOdLJGa1TlHuAHLp tcZD6lTFotA/67Gi17PsA5UBKrneii01CLDdlcXmv1VBw7ZeNkC6POFh2wl2ITrd80li I0wWv9b2xAGRyZ5VXAHRnL6xv8RkuV7Zrhaa3fON6Iw8r+0u3Kebcxv/JnXJ8qB51gn/ TFCg== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=bQ2D0xpj; spf=pass (google.com: domain of fm-51332-202205121204352154f9d795207f32ef-up7r4x@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-202205121204352154f9d795207f32ef-up7R4X@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net. [185.136.64.227]) by gmr-mx.google.com with ESMTPS id og11-20020a1709071dcb00b006f4639cc02dsi248348ejc.2.2022.05.12.05.04.36 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 May 2022 05:04:36 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-202205121204352154f9d795207f32ef-up7r4x@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) client-ip=185.136.64.227; Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 202205121204352154f9d795207f32ef for ; Thu, 12 May 2022 14:04:36 +0200 From: Quirin Gylstorff To: jan.kiszka@siemens.com, isar-users@googlegroups.com, henning.schild@siemens.com Subject: [PATCH v2 2/2] classes/image-account-extension: Add flag to force password change on first login Date: Thu, 12 May 2022 14:04:33 +0200 Message-Id: <20220512120433.695303-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20220512120433.695303-1-Quirin.Gylstorff@siemens.com> References: <20220512120433.695303-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-Original-Sender: quirin.gylstorff@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=bQ2D0xpj; spf=pass (google.com: domain of fm-51332-202205121204352154f9d795207f32ef-up7r4x@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-202205121204352154f9d795207f32ef-up7R4X@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: INBOX From: Quirin Gylstorff This avoids possible errors if `passwd --expire root` is set during package installation. Signed-off-by: Quirin Gylstorff --- doc/user_manual.md | 1 + meta/classes/image-account-extension.bbclass | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/user_manual.md b/doc/user_manual.md index cdb73224..02874b6d 100644 --- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -678,6 +678,7 @@ The `USERS` and `USER_` variable works similar to the `GROUPS` and `GR - `system` - `useradd` will be called with `--system`. - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. + - `force-passwd-change` - Force the user to change to password on first login. #### Home directory contents prefilling diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index caa962a0..99de8b0d 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@ USERS ??= "" #USER_root[home] = "/home/root" #USER_root[shell] = "/bin/sh" #USER_root[groups] = "audio video" -#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password" +#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change" GROUPS ??= "" @@ -258,5 +258,10 @@ image_configure_accounts() { printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ /usr/sbin/chpasswd $chpasswd_args fi + if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then + echo "Execute passwd to force password change on first boot for \"$name\"" + sudo -E chroot '${ROOTFSDIR}' \ + /usr/bin/passwd --expire "$name" + fi done }