[OE-core] [v2 PATCH 0/2] Implement deterministic uid/gid

Mark Hatle mark.hatle at windriver.com
Tue Feb 4 23:39:30 UTC 2014


V2:

Rebase to latest master...

Rework the code a bit based on comments from a few people.  Specifically
add a mode where passwd/group file entries are NOT overridden (blank info).

Clearly comment that the 'password' field is ignored, as is the group's
member fields.

Ensure that the 'enforcing' mode doesn't trigger build failures, but simply
excludes the recipe from the build list.  If the package is needed, an error
indicating the problem will be generated.  Makes for a cleaner build, and a
more targeted passwd/group file.


This was tested by doing the following:

(not enabling any of the code), build core-image-sato

copy the passwd/group file from tmp-eglibc/sysroots/<machine>/etc/ to meta/files/.

Clear the build directory

Enable the code adding the following to the conf/local.conf:
USERADD_REWRITE_PARAMS = '1'

Build, compare the rootfs /etc/passwd and /etc/group to the version in meta/files.
Verify the uid, gid and other information match.  (Note xuser will have a slight
difference in the 'shell' field, but this is due to the difference between the
configuration of the sysroot and the target filesystem.)

Clear the build directory again

Enable the code adding the following to conf/local.conf:
USERADD_ERROR_DYNAMIC = '1'

Repeat the validation steps.

Clear the build directory again

Modify the meta/files/passwd and remove the items in the comment, home_dir and
shell fields.  i.e.:

root::0:0:root:/home/root:/bin/sh

becomes

root::0:0:::

Repeat the build, verify the fields are all correct in the final image.

V1:

The following series implements the deterministic uid/gid setting for a
distribution.  Currently when a filesystem is generated the uid/gid values
are generally set at install time, so the install order determines what
the actual uid/gid values become.  In order to create a deterministic uid/gid
set, that still dynamically constructs the passwd/group file, we add an
option to read a special passwd/group file to allow the system to determine
the values.

It uses the existing parameters, and the values from the special passwd/group
files to reconstruct the parameter set to ensure these items are fully
defined with static values.

The first patch (01/02) is generally applicable.  It fixes a real bug in
the way the user/group adds occur today within the system.

Patch 02/02 implements the new functionality.


The following changes since commit 8461283a648d7c5affd51971ebd9b35a8a4c625f:

  sstate: Improve funciton checksums (2014-02-04 22:49:58 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib mhatle/uidgid
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=mhatle/uidgid

Mark Hatle (2):
  useradd.bbclass: Fix build time install issues
  useradd.bbclass: Add ability to select a static uid/gid automatically

 meta/classes/useradd.bbclass         | 279 ++++++++++++++++++++++++++++++++++-
 meta/conf/local.conf.sample.extended |  24 +++
 2 files changed, 297 insertions(+), 6 deletions(-)

-- 
1.8.5.3
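
The "compare the rootfs /etc/passwd and /etc/group to the version in meta/files" step of the test procedure, as an added Python example (not part of the original message and not code from useradd.bbclass). The names `parse` and `compare` and the sample entries are constructed for illustration; it assumes a blank field in the static file means "not enforced" and skips the password and group member fields, as the V2 notes describe.

```python
# Field layouts of passwd(5) and group(5) entries.
PASSWD = ("name", "password", "uid", "gid", "comment", "home_dir", "shell")
GROUP = ("name", "password", "gid", "members")
IGNORED = {"password", "members"}  # fields the cover letter says are ignored

# Constructed sample data; the uid/gid numbers are illustrative only.
STATIC_PASSWD = """\
root::0:0:::
messagebus:x:999:998::/var/lib/dbus:/bin/false
"""
ROOTFS_PASSWD = """\
root::0:0:root:/home/root:/bin/sh
messagebus:x:998:998::/var/lib/dbus:/bin/false
sshd:x:997:996::/var/run/sshd:/bin/false
"""

def parse(text, fields):
    """Return {name: {field: value}} for a passwd- or group-format file."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"malformed entry: {line!r}")
        entries[parts[0]] = dict(zip(fields, parts))
    return entries

def compare(static_text, rootfs_text, fields=PASSWD):
    """List (name, field, expected, actual) for each rootfs entry that
    disagrees with the static file; blank static fields are not enforced."""
    static = parse(static_text, fields)
    problems = []
    for name, actual in parse(rootfs_text, fields).items():
        expected = static.get(name)
        if expected is None:  # id was assigned without a static entry
            problems.append((name, "entry", "static entry", "none"))
            continue
        for field in fields[2:]:
            if field in IGNORED or expected[field] == "":
                continue
            if expected[field] != actual[field]:
                problems.append((name, field, expected[field], actual[field]))
    return problems

if __name__ == "__main__":
    for problem in compare(STATIC_PASSWD, ROOTFS_PASSWD):
        print("%s: %s expected %r, found %r" % problem)
```

Passing `fields=GROUP` runs the same check over a static and a generated group file.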
