[OE-core] [meta-oe][PATCH 1/3] systemd: remove 2 obsolete useradds

ChenQi Qi.Chen at windriver.com
Tue Apr 16 01:26:57 UTC 2019 

On 04/16/2019 05:49 AM, adrian.freihofer at gmail.com wrote:
> On Mon, 2019-04-15 at 09:40 +0800, ChenQi wrote:
>> On 04/14/2019 09:24 PM, Adrian Freihofer wrote:
>>> - Users systemd-journal-remote and systemd-journal-upload are not
>>> used by
>> I guess you mean 'systemd-journal-gateway'?
> You are right. I will send a V2 if I can convince you of this change
> after all.
>> Anyway, I have some concern about this change.
>>
>> Adding these users is not supposed to cause any runtime problem, as
>> if
>> the user has already exists, DynamicUser mechanism just does not try
>> to
>> create one.
>> I also can recall the systemd-timesync once had DynamicUser=yes, but
>> then removed such setting.
>> So if there is no compelling reason (security?) why we should use
>> DynamicUser, let's leave these two users there.
>>
>> Best Regards,
>> Chen Qi
> I agree with you, it works as it is. That's a strong argument.
>
> However, traditional Unix user IDs are not ideal for embedded systems.
> Especially with an image based firmware update and daemons writing to
> persistent storage, traditional Unix user IDs are problematic.
> With useradd-staticids enabled this problem can be addressed. But we
> have to maintain static user IDs manually.
> With this patch applied systemd would just generate the user IDs in any
> case (static or dynamic users) without manual interaction.
> Here we have the chance to get rid of two user IDs, which seems to me
> to be an advantage anyway.
>
> Another, weaker argument: Static user IDs are a rare ressource.
>
> Are you still against this change or should I send V2 with fixed commit
> comment of this third patch?

I'm not against this change.
I don't use journal-gateway/journal-upload, so I think you have more 
real-world experience.
V2 with the fixed commit is OK.

Best Regards,
Chen Qi


> Best Regards,
> Adrian
>>>     systemd anymore. Systemd creates dynamic users for services
>>> without
>>>     persistent data.
>>> - Fix start of journal-remote
>>>
>>> Signed-off-by: Adrian Freihofer <adrian.freihofer at gmail.com>
>>> ---
>>>    meta/recipes-core/systemd/systemd_241.bb | 6 +-----
>>>    1 file changed, 1 insertion(+), 5 deletions(-)
>>>
>>> diff --git a/meta/recipes-core/systemd/systemd_241.bb
>>> b/meta/recipes-core/systemd/systemd_241.bb
>>> index 3a58f44a3b..8e493d5b55 100644
>>> --- a/meta/recipes-core/systemd/systemd_241.bb
>>> +++ b/meta/recipes-core/systemd/systemd_241.bb
>>> @@ -334,9 +334,7 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKA
>>> GECONFIG', 'binfmt', '${PN}-binfm
>>>    SYSTEMD_SERVICE_${PN}-binfmt = "systemd-binfmt.service"
>>>    
>>>    USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
>>> -                    ${@bb.utils.contains('PACKAGECONFIG',
>>> 'microhttpd', '${PN}-journal-gateway', '', d)} \
>>>                        ${@bb.utils.contains('PACKAGECONFIG',
>>> 'microhttpd', '${PN}-journal-remote', '', d)} \
>>> -                    ${@bb.utils.contains('PACKAGECONFIG',
>>> 'journal-upload', '${PN}-journal-upload', '', d)} \
>>>    "
>>>    GROUPADD_PARAM_${PN} = "-r systemd-journal"
>>>    USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'coredump', '--system -d / -M --shell /bin/nologin systemd-
>>> coredump;', '', d)}"
>>> @@ -345,9 +343,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('P
>>> ACKAGECONFIG', 'polkit', '--syste
>>>    USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'resolved', '--system -d / -M --shell /bin/nologin systemd-
>>> resolve;', '', d)}"
>>>    USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'timesyncd', '--system -d / -M --shell /bin/nologin systemd-
>>> timesync;', '', d)}"
>>>    USERADD_PARAM_${PN}-extra-utils = "--system -d / -M --shell
>>> /bin/nologin systemd-bus-proxy"
>>> -USERADD_PARAM_${PN}-journal-gateway = "--system -d / -M --shell
>>> /bin/nologin systemd-journal-gateway"
>>>    USERADD_PARAM_${PN}-journal-remote = "--system -d / -M --shell
>>> /bin/nologin systemd-journal-remote"
>>> -USERADD_PARAM_${PN}-journal-upload = "--system -d / -M --shell
>>> /bin/nologin systemd-journal-upload"
>>>    
>>>    FILES_${PN}-analyze = "${bindir}/systemd-analyze"
>>>    
>>> @@ -401,7 +397,7 @@ FILES_${PN}-journal-remote =
>>> "${rootlibexecdir}/systemd/systemd-journal-remote \
>>>                                  ${systemd_system_unitdir}/systemd-
>>> journal-remote.service \
>>>                                  ${systemd_system_unitdir}/systemd-
>>> journal-remote.socket \
>>>                                 "
>>> -SYSTEMD_SERVICE_${PN}-remote = "systemd-journal-remote.socket"
>>> +SYSTEMD_SERVICE_${PN}-journal-remote = "systemd-journal-
>>> remote.socket"
>>>    
>>>    
>>>    FILES_${PN}-container = "${sysconfdir}/dbus-
>>> 1/system.d/org.freedesktop.import1.conf \
>>
>

More information about the Openembedded-core mailing list