[OE-core] [meta-oe][PATCH 1/3] systemd: remove 2 obsolete useradds

adrian.freihofer at gmail.com adrian.freihofer at gmail.com
Mon Apr 15 21:49:10 UTC 2019 

On Mon, 2019-04-15 at 09:40 +0800, ChenQi wrote:
> On 04/14/2019 09:24 PM, Adrian Freihofer wrote:
> > - Users systemd-journal-remote and systemd-journal-upload are not
> > used by
> 
> I guess you mean 'systemd-journal-gateway'?
You are right. I will send a V2 if I can convince you of this change
after all. 
> Anyway, I have some concern about this change.
> 
> Adding these users is not supposed to cause any runtime problem, as
> if 
> the user has already exists, DynamicUser mechanism just does not try
> to 
> create one.
> I also can recall the systemd-timesync once had DynamicUser=yes, but 
> then removed such setting.
> So if there is no compelling reason (security?) why we should use 
> DynamicUser, let's leave these two users there.
> 
> Best Regards,
> Chen Qi
I agree with you, it works as it is. That's a strong argument.

However, traditional Unix user IDs are not ideal for embedded systems.
Especially with an image based firmware update and daemons writing to
persistent storage, traditional Unix user IDs are problematic.
With useradd-staticids enabled this problem can be addressed. But we
have to maintain static user IDs manually.
With this patch applied systemd would just generate the user IDs in any
case (static or dynamic users) without manual interaction.
Here we have the chance to get rid of two user IDs, which seems to me
to be an advantage anyway.

Another, weaker argument: Static user IDs are a rare ressource.

Are you still against this change or should I send V2 with fixed commit
comment of this third patch?

Best Regards,
Adrian
> 
> >    systemd anymore. Systemd creates dynamic users for services
> > without
> >    persistent data.
> > - Fix start of journal-remote
> > 
> > Signed-off-by: Adrian Freihofer <adrian.freihofer at gmail.com>
> > ---
> >   meta/recipes-core/systemd/systemd_241.bb | 6 +-----
> >   1 file changed, 1 insertion(+), 5 deletions(-)
> > 
> > diff --git a/meta/recipes-core/systemd/systemd_241.bb
> > b/meta/recipes-core/systemd/systemd_241.bb
> > index 3a58f44a3b..8e493d5b55 100644
> > --- a/meta/recipes-core/systemd/systemd_241.bb
> > +++ b/meta/recipes-core/systemd/systemd_241.bb
> > @@ -334,9 +334,7 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKA
> > GECONFIG', 'binfmt', '${PN}-binfm
> >   SYSTEMD_SERVICE_${PN}-binfmt = "systemd-binfmt.service"
> >   
> >   USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
> > -                    ${@bb.utils.contains('PACKAGECONFIG',
> > 'microhttpd', '${PN}-journal-gateway', '', d)} \
> >                       ${@bb.utils.contains('PACKAGECONFIG',
> > 'microhttpd', '${PN}-journal-remote', '', d)} \
> > -                    ${@bb.utils.contains('PACKAGECONFIG',
> > 'journal-upload', '${PN}-journal-upload', '', d)} \
> >   "
> >   GROUPADD_PARAM_${PN} = "-r systemd-journal"
> >   USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
> > 'coredump', '--system -d / -M --shell /bin/nologin systemd-
> > coredump;', '', d)}"
> > @@ -345,9 +343,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('P
> > ACKAGECONFIG', 'polkit', '--syste
> >   USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
> > 'resolved', '--system -d / -M --shell /bin/nologin systemd-
> > resolve;', '', d)}"
> >   USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
> > 'timesyncd', '--system -d / -M --shell /bin/nologin systemd-
> > timesync;', '', d)}"
> >   USERADD_PARAM_${PN}-extra-utils = "--system -d / -M --shell
> > /bin/nologin systemd-bus-proxy"
> > -USERADD_PARAM_${PN}-journal-gateway = "--system -d / -M --shell
> > /bin/nologin systemd-journal-gateway"
> >   USERADD_PARAM_${PN}-journal-remote = "--system -d / -M --shell
> > /bin/nologin systemd-journal-remote"
> > -USERADD_PARAM_${PN}-journal-upload = "--system -d / -M --shell
> > /bin/nologin systemd-journal-upload"
> >   
> >   FILES_${PN}-analyze = "${bindir}/systemd-analyze"
> >   
> > @@ -401,7 +397,7 @@ FILES_${PN}-journal-remote =
> > "${rootlibexecdir}/systemd/systemd-journal-remote \
> >                                 ${systemd_system_unitdir}/systemd-
> > journal-remote.service \
> >                                 ${systemd_system_unitdir}/systemd-
> > journal-remote.socket \
> >                                "
> > -SYSTEMD_SERVICE_${PN}-remote = "systemd-journal-remote.socket"
> > +SYSTEMD_SERVICE_${PN}-journal-remote = "systemd-journal-
> > remote.socket"
> >   
> >   
> >   FILES_${PN}-container = "${sysconfdir}/dbus-
> > 1/system.d/org.freedesktop.import1.conf \
> 
>

More information about the Openembedded-core mailing list