From patchwork Tue May 17 04:37:12 2022
X-Patchwork-Submitter: Quirin Gylstorff
X-Patchwork-Id: 1813
From: Quirin Gylstorff
To: jan.kiszka@siemens.com, isar-users@googlegroups.com, henning.schild@siemens.com
Subject: [PATCH v3 1/2] classes/image-account-extension:Move account configuration to post-process
Date: Tue, 17 May 2022 14:37:12 +0200
Message-Id: <20220517123713.675215-2-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com>
References: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com>

From: Quirin Gylstorff

If the root account is deactivated during rootfs configuration, e.g. by setting 'USER_root[expire]="01-01-1970"', the following error occurs if a package tries to create/modify a user account.

```
Setting up systemd (247.3-7) ...
Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service.
Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target.
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service.
Initializing machine ID from random generator.
Your account has expired; please contact your system administrator.
chfn: PAM: Authentication failure
adduser: `/bin/chfn -f systemd Network Management systemd-network' returned error code 1. Exiting.
dpkg: error processing package systemd (--configure):
installed systemd package post-installation script subprocess returned error exit status 1
Setting up dmsetup (2:1.02.175-2.1) ...
Errors were encountered while processing:
systemd
E: Sub-process /usr/bin/dpkg returned an error code (1)
WARNING: exit code 100 from a shell command.
```

This move also allows /etc/skel modification to be applicable to all users.

Signed-off-by: Quirin Gylstorff
--- RECIPE-API-CHANGELOG.md | 6 ++++++ meta/classes/image-account-extension.bbclass | 5 ++--- meta/classes/image.bbclass | 9 +++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index f3b30351..d1ed6792 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md
@@ -397,3 +397,9 @@ New conversions can be added by defining CONVERSION_CMD_type. - the conversions appends its own type, e.g. the output file of a conversion `xz` would be ${IMAGE_FULLNAME}.${type}.xz - a final chown is appended automatically + +### Handling of variables USERS and GROUPS is moved to image post processing + +The user and groups defined by the variables `USERS` and `GROUPS` +was moved from image configuration to image post processing. The users and +groups are now created after all packages are installed. diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index c9bebe85..c64ba769 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -58,9 +58,8 @@ IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'f do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts" -image_configure_accounts[weight] = "3" -image_configure_accounts() { +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +image_postprocess_accounts() { # Create groups # Add space to the end of the list: list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS', True).split())} ' diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index aa6c510c..0da56b7a 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass 
@@ -440,6 +440,15 @@ do_rootfs_quality_check() { args="${args} ! -path ${ROOTFSDIR}/etc/os-release";; image_postprocess_machine_id) args="${args} ! -path ${ROOTFSDIR}/etc/machine-id";; + image_postprocess_accounts) + args="${args} ! -path ${ROOTFSDIR}/etc/passwd \ + ! -path ${ROOTFSDIR}/etc/subgid \ + ! -path ${ROOTFSDIR}/etc/subuid \ + ! -path ${ROOTFSDIR}/etc/shadow- \ + ! -path ${ROOTFSDIR}/etc/gshadow \ + ! -path ${ROOTFSDIR}/etc/shadow \ + ! -path ${ROOTFSDIR}/etc/group" + ;; esac done found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args )
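Review bot: In the new RECIPE-API-CHANGELOG.md entry of patch 1/2, the text does not say that `image_configure_accounts` is renamed to `image_postprocess_accounts` and leaves `ROOTFS_CONFIGURE_COMMAND`; downstream layers that reference the old function name or its `[weight]` need that stated in order to migrate. The sentence "The user and groups ... was moved" would read more clearly as "The creation of the users and groups defined by `USERS` and `GROUPS` was moved ...". It would also help to name the consequence: package maintainer scripts can no longer rely on accounts from `USERS` existing at install time.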
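Review bot: In the meta/classes/image-account-extension.bbclass hunk of patch 1/2, the unchanged context line `do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}"` still ties the account variables to `do_rootfs_install`, while the function now runs from `ROOTFS_POSTPROCESS_COMMAND`. Please check whether the dependency belongs on the task that executes the post-process commands, so that a change to `USERS` or `GROUPS` reruns account creation. Because groups are now created after package installation, it is also worth confirming that an explicit `gid` cannot clash with an id that a package script allocated earlier.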
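Review bot: In the `image_postprocess_accounts)` case added to `do_rootfs_quality_check` in meta/classes/image.bbclass, the exclusions list `/etc/shadow-` but none of the other backup files the shadow tools write next to the databases they modify (`/etc/passwd-`, `/etc/group-`, `/etc/gshadow-`), so the `find ... -newer $rootfs_install_stamp` check can still report files touched by account creation. Consider adding those three paths and grouping each database with its backup so the list is easy to audit. A short comment explaining why these files are exempt would help, since the exemption also hides later changes to `/etc/passwd` and `/etc/shadow` from the check.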
From patchwork Tue May 17 04:37:13 2022
X-Patchwork-Submitter: Quirin Gylstorff
X-Patchwork-Id: 1815
From: Quirin Gylstorff
To: jan.kiszka@siemens.com, isar-users@googlegroups.com, henning.schild@siemens.com
Subject: [PATCH v3 2/2] classes/image-account-extension: Add flag to force password change on first login
Date: Tue, 17 May 2022 14:37:13 +0200
Message-Id: <20220517123713.675215-3-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com>
References: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com>

From: Quirin Gylstorff

This avoids possible errors if `passwd --expire root` is set during package installation.

Signed-off-by: Quirin Gylstorff
--- doc/user_manual.md | 1 + meta/classes/image-account-extension.bbclass | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/user_manual.md b/doc/user_manual.md index cdb73224..02874b6d 100644
--- a/doc/user_manual.md +++ b/doc/user_manual.md @@ -678,6 +678,7 @@ The `USERS` and `USER_` variable works similar to the `GROUPS` and `GR - `system` - `useradd` will be called with `--system`. - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. + - `force-passwd-change` - Force the user to change to password on first login. #### Home directory contents prefilling diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index c64ba769..70950a7b 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -17,7 +17,7 @@ USERS ??= "" #USER_root[home] = "/home/root" #USER_root[shell] = "/bin/sh" #USER_root[groups] = "audio video" -#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password" +#USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change" GROUPS ??= "" @@ -258,5 +258,10 @@ image_postprocess_accounts() { printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ /usr/sbin/chpasswd $chpasswd_args fi + if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then + echo "Execute passwd to force password change on first boot for \"$name\"" + sudo -E chroot '${ROOTFSDIR}' \ + /usr/bin/passwd --expire "$name" + fi done }
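Review bot: In the `force-passwd-change` bullet added to doc/user_manual.md, "change to password" should read "change the password". The entry could also state that the flag is implemented with `passwd --expire` and describe how it combines with `allow-empty-password`, because that pairing produces an account whose password is chosen by whoever logs in first.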
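Review bot: In the last hunk of meta/classes/image-account-extension.bbclass, the new `passwd --expire` call uses `sudo -E chroot` while the `chpasswd` call directly above it uses plain `sudo chroot`; `-E` carries the build environment into the chroot and nothing in the added lines appears to need it, so dropping it keeps the two calls consistent. The log message says "first boot" where the flag name and the manual say "first login". The new `if` also sits after the preceding `fi`, so it runs for accounts that had no password set; please confirm that this is intended.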