SLFO-pool/sysuser-tools
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main sysuser-tools revision 3d091025a2bc9b37c2f3626823ae3de0

Browse Source
This commit is contained in:
Adrian Schröter 2025-02-25 18:53:14 +01:00
parent dc1aec1fdb
commit 20c4cf2274
5 changed files with 204 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
macros.sysusers
View File

@ -5,7 +5,7 @@
#
# When a package creates a system account, it should use the following macros:
#
# add %sysusers_requires in the package section
# add %?sysusers_requires in the package section
#
# add "%sysusers_generate_pre <source file> <account> [<config>]" to build section
#
@ -18,7 +18,7 @@
#
###
%sysusers_requires Requires(pre): sysuser-shadow >= 3.1
%sysusers_requires Requires(pre): sysuser-shadow >= 3.2
%sysusers_generate_pre() \
%{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" >> "%2".pre

88
sysuser-tools.changes
View File

@ -1,3 +1,85 @@
-------------------------------------------------------------------
Mon Jan 27 16:41:20 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
- Add support for "u!" with useradd (shadow). busybox has no
support for account/password expiration
-------------------------------------------------------------------
Wed Dec 11 11:05:25 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Directly check return value of systemd-sysusers
-------------------------------------------------------------------
Mon Dec 9 06:30:23 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Drop SLE15 support and remove disable-systemd-sysusers.patch
-------------------------------------------------------------------
Mon Dec 9 05:59:25 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- sysuser-shadow: remove systemd 238 dependency, this does not
work in a single RPM transaction [bsc#1234277]. Call
systemd-sysuser instead again without --replace.
-------------------------------------------------------------------
Wed Aug 7 13:42:07 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Remove check for .buildenv to see failures in OBS
-------------------------------------------------------------------
Wed Aug 7 10:04:38 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- usermod: revert renamed arguments
-------------------------------------------------------------------
Mon Aug 5 14:25:14 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Implement UID:GID support for busybox
- Reenable UID:GID support
-------------------------------------------------------------------
Sat Aug 3 06:09:03 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Disable UID:GID support for now
-------------------------------------------------------------------
Fri Aug 2 12:18:53 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- UID:GID: don't create group with GID if it does not exist
-------------------------------------------------------------------
Fri Aug 2 08:24:06 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Rewrite UID:GID support to work with busybox and fix it for useradd
-------------------------------------------------------------------
Mon Jul 1 15:01:19 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Allow setting of UID:GID for as defined in sysusers.d
-------------------------------------------------------------------
Tue Nov 7 10:07:20 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
-------------------------------------------------------------------
Tue Jul 18 18:18:18 UTC 2023 - olaf@aepfle.de
- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
Always create a system group of the same name as the system user,
even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)
-------------------------------------------------------------------
Mon Jul 17 17:17:17 UTC 2023 - olaf@aepfle.de
- Add "quilt setup" friendly hint to %sysusers_requires usage
It is not required to have sysuser-tools installed when working
with a pkg source which uses sysuser-tools at build time.
-------------------------------------------------------------------
Tue Sep 6 15:49:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
@ -8,6 +90,12 @@ Tue Feb 1 12:58:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
- invoke bash for bash scripts (bsc#1195391)
-------------------------------------------------------------------
Fri Nov 26 09:43:02 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Disable systemd-sysuser on SLE15 to stay compatible
(disable-systemd-sysusers.patch)
-------------------------------------------------------------------
Wed Sep 8 09:12:05 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

12
sysuser-tools.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package sysuser-tools
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: sysuser-tools
Version: 3.1
Version: 3.3
Release: 0
Summary: Auto provides for system users
License: MIT
@ -42,12 +42,6 @@ Group: System/Packages
Requires(pre): (/usr/sbin/useradd or busybox)
# prefer original shadow over busybox by default
Suggests: shadow
# sysusers2shdow uses sysusers2shadow uses systemd-sysusers if available. And we might pass --replace to it
# --replace only appeared in systemd 238,so we want to ensure: if we have systemd, it must be recent enough
# the Requires(pre) statement is to ensure we get it at any moment recent enough, not only at the end of
# transactions, otherwise upgrades might randomly fail
Requires(pre): (systemd >= 238 if systemd)
Requires: (systemd >= 238 if systemd)
%description -n sysuser-shadow
This package contians a tool, which expects as input a sysusers.d
@ -78,7 +72,7 @@ m me nogroup
EOF
cat <<EOFF > expected-account-pre
/usr/sbin/sysusers2shadow me.conf <<"EOF" || [ -f /.buildenv ]
/usr/sbin/sysusers2shadow me.conf <<"EOF"
u me - "myself" /dev/null
m me nogroup
g asdf

2
sysusers-generate-pre
View File

@ -1,6 +1,6 @@
#!/bin/bash
# pass systemd sysusers config paths as argument to this script.
echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\" || [ -f /.buildenv ]"
echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\""
(while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1"
echo 'EOF'

196
sysusers2shadow.sh
View File

@ -9,100 +9,124 @@ run() {
if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then
if [ -n "$1" ] && [ "$1" != "%3" ]; then
REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||:
fi
# Use systemd-sysusers and let it read the input directly from stdin
run /usr/bin/systemd-sysusers $REPLACE_ARG -
if [ -n "$1" ] && [ "$1" != "%3" ]; then
REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1"
fi
# Use systemd-sysusers and let it read the input directly from stdin
if ! run /usr/bin/systemd-sysusers $REPLACE_ARG - ; then
run /usr/bin/systemd-sysusers -
fi
else
# Absolute path to busybox, if found
busybox=
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
# Absolute path to busybox, if found
busybox=
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
while read LINE
do
# "eval set" to do proper splitting while respecting quotes
eval set -- $LINE
case "${1-}" in
\#*|"")
;;
g)
shift
ARGUMENTS="$1"
if [ -n "${2-}" ] && [ "$2" != "-" ]; then
ARGUMENTS="-g $2 $ARGUMENTS"
fi
if ! /usr/bin/getent group "$1" >> /dev/null; then
if [ -x "/usr/sbin/groupadd" ]; then
run /usr/sbin/groupadd -r $ARGUMENTS
elif [ -x "$busybox" ]; then
run $busybox addgroup -S $ARGUMENTS
else
echo "ERROR: neither groupadd nor busybox found!"
exit 1
fi
fi
while read LINE
do
# "eval set" to do proper splitting while respecting quotes
eval set -- $LINE
case "${1-}" in
\#*|"")
;;
u)
shift
ARGUMENTS="$1"
if [ -n "${2-}" ] && [ "$2" != "-" ]; then
ARGUMENTS="-u $2 $ARGUMENTS"
fi
homedir="/" # If null, empty or '-'
if [ "${4:--}" != "-" ]; then
homedir="$4"
fi
# Set shell only if not null, empty nor '-'
if [ "${5:--}" != "-" ]; then
ARGUMENTS="$ARGUMENTS -s $5"
else
ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin"
fi
if [ -x /usr/sbin/useradd ]; then
if ! /usr/bin/getent passwd "$1" >> /dev/null; then
# this is useradd/shadow specific
if /usr/bin/getent group "$1" >> /dev/null; then
ARGUMENTS="-g $1 $ARGUMENTS"
else
ARGUMENTS="-U $ARGUMENTS"
g)
shift
ARGUMENTS="$1"
if [ -n "${2-}" ] && [ "$2" != "-" ]; then
ARGUMENTS="-g $2 $ARGUMENTS"
fi
run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS
fi
elif [ -x "$busybox" ]; then
/usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1"
if ! /usr/bin/getent group "$1" >> /dev/null; then
if [ -x "/usr/sbin/groupadd" ]; then
run /usr/sbin/groupadd -r $ARGUMENTS
elif [ -x "$busybox" ]; then
run $busybox addgroup -S $ARGUMENTS
else
echo "ERROR: neither groupadd nor busybox found!"
exit 1
fi
fi
;;
u|u\!)
if [ "${1}" = "u!" ]; then
EXPIRE_DATE="1970-01-02"
fi
if ! /usr/bin/getent passwd "$1" >> /dev/null; then
run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS
fi
else
echo "ERROR: neither useradd nor busybox found!"
exit 1
fi
shift
ARGUMENTS="$1"
if /usr/bin/getent passwd "$1" >> /dev/null; then
continue
fi
# Split user and Group id. Must work with busybox sh.
case $2 in
(*:*) USER_ID=${2%:*} GROUP_ID=${2##*:};;
(*) USER_ID=$2 GROUP_ID="";;
esac
if [ -n "$USER_ID" ] && [ "$USER_ID" != "-" ]; then
ARGUMENTS="-u $USER_ID $ARGUMENTS"
fi
homedir="/" # If null, empty or '-'
if [ "${4:--}" != "-" ]; then
homedir="$4"
fi
# Set shell only if not null, empty nor '-'
if [ "${5:--}" != "-" ]; then
ARGUMENTS="$ARGUMENTS -s $5"
else
ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin"
fi
if [ -x /usr/sbin/useradd ]; then
if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then
ARGUMENTS="-g $GROUP_ID $ARGUMENTS"
else
# this is useradd/shadow specific
if /usr/bin/getent group "$1" >> /dev/null; then
ARGUMENTS="-g $1 $ARGUMENTS"
else
ARGUMENTS="-U $ARGUMENTS"
fi
fi
run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS
if [ -n "$EXPIRE_DATE" ]; then
TZ=UTC chage -E "$EXPIRE_DATE" "$1"
fi
elif [ -x "$busybox" ]; then
if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then
run $busybox adduser -S -H -g "$3" -G "GROUP_ID" -h "${homedir}" $ARGUMENTS
else
/usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1"
run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS
fi
else
echo "ERROR: neither useradd nor busybox found!"
exit 1
fi
;;
m)
shift
if [ -x /usr/sbin/usermod ] ; then
run /usr/sbin/usermod -a -G $2 $1
elif [ -x "$busybox" ]; then
run $busybox addgroup $1 $2
else
echo "ERROR: neither usermod nor busybox found!"
exit 1
fi
m)
shift
if [ -x /usr/sbin/usermod ] ; then
run /usr/sbin/usermod -a -G "$2" "$1"
elif [ -x "$busybox" ]; then
run $busybox addgroup "$1" "$2"
else
echo "ERROR: neither usermod nor busybox found!"
exit 1
fi
;;
r)
echo "range option ignored: \"$LINE\""
r)
echo "range option ignored: \"$LINE\""
;;
*)
echo "Syntax Error: \"$LINE\""
exit 1
*)
echo "Syntax Error: \"$LINE\""
exit 1
;;
esac
done
esac
done
fi