diff --git a/macros.sysusers b/macros.sysusers index f353b1b..716cb2f 100644 --- a/macros.sysusers +++ b/macros.sysusers @@ -5,7 +5,7 @@ # # When a package creates a system account, it should use the following macros: # -# add %sysusers_requires in the package section +# add %?sysusers_requires in the package section # # add "%sysusers_generate_pre []" to build section # @@ -18,7 +18,7 @@ # ### -%sysusers_requires Requires(pre): sysuser-shadow >= 3.1 +%sysusers_requires Requires(pre): sysuser-shadow >= 3.2 %sysusers_generate_pre() \ %{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" >> "%2".pre diff --git a/sysuser-tools.changes b/sysuser-tools.changes index 244457c..ad8c1b7 100644 --- a/sysuser-tools.changes +++ b/sysuser-tools.changes @@ -1,3 +1,85 @@ +------------------------------------------------------------------- +Mon Jan 27 16:41:20 UTC 2025 - Thorsten Kukuk + +- Add support for "u!" with useradd (shadow). busybox has no + support for account/password expiration + +------------------------------------------------------------------- +Wed Dec 11 11:05:25 UTC 2024 - Thorsten Kukuk + +- Directly check return value of systemd-sysusers + +------------------------------------------------------------------- +Mon Dec 9 06:30:23 UTC 2024 - Thorsten Kukuk + +- Drop SLE15 support and remove disable-systemd-sysusers.patch + +------------------------------------------------------------------- +Mon Dec 9 05:59:25 UTC 2024 - Thorsten Kukuk + +- sysuser-shadow: remove systemd 238 dependency, this does not + work in a single RPM transaction [bsc#1234277]. Call + systemd-sysuser instead again without --replace. + +------------------------------------------------------------------- +Wed Aug 7 13:42:07 UTC 2024 - Thorsten Kukuk + +- Remove check for .buildenv to see failures in OBS + +------------------------------------------------------------------- +Wed Aug 7 10:04:38 UTC 2024 - Thorsten Kukuk + +- usermod: revert renamed arguments + +------------------------------------------------------------------- +Mon Aug 5 14:25:14 UTC 2024 - Thorsten Kukuk + +- Implement UID:GID support for busybox +- Reenable UID:GID support + +------------------------------------------------------------------- +Sat Aug 3 06:09:03 UTC 2024 - Thorsten Kukuk + +- Disable UID:GID support for now + +------------------------------------------------------------------- +Fri Aug 2 12:18:53 UTC 2024 - Thorsten Kukuk + +- UID:GID: don't create group with GID if it does not exist + +------------------------------------------------------------------- +Fri Aug 2 08:24:06 UTC 2024 - Thorsten Kukuk + +- Rewrite UID:GID support to work with busybox and fix it for useradd + +------------------------------------------------------------------- +Mon Jul 1 15:01:19 UTC 2024 - Johannes Weberhofer + +- Allow setting of UID:GID for as defined in sysusers.d + +------------------------------------------------------------------- +Tue Nov 7 10:07:20 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Tue Jul 18 18:18:18 UTC 2023 - olaf@aepfle.de + +- Version 3.2 +- update sysusers_requires to request sysuser-shadow 3.2 +- Use TAB consistently for indention in sysusers2shadow.sh +- This pkg needs to follow behavior which is described in sysusers.d(5). + Always create a system group of the same name as the system user, + even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240) + +------------------------------------------------------------------- +Mon Jul 17 17:17:17 UTC 2023 - olaf@aepfle.de + +- Add "quilt setup" friendly hint to %sysusers_requires usage + It is not required to have sysuser-tools installed when working + with a pkg source which uses sysuser-tools at build time. + ------------------------------------------------------------------- Tue Sep 6 15:49:48 UTC 2022 - Callum Farmer @@ -8,6 +90,12 @@ Tue Feb 1 12:58:30 UTC 2022 - Dirk Müller - invoke bash for bash scripts (bsc#1195391) +------------------------------------------------------------------- +Fri Nov 26 09:43:02 UTC 2021 - Thorsten Kukuk + +- Disable systemd-sysuser on SLE15 to stay compatible + (disable-systemd-sysusers.patch) + ------------------------------------------------------------------- Wed Sep 8 09:12:05 UTC 2021 - Thorsten Kukuk diff --git a/sysuser-tools.spec b/sysuser-tools.spec index ee9d35e..b04daa9 100644 --- a/sysuser-tools.spec +++ b/sysuser-tools.spec @@ -1,7 +1,7 @@ # # spec file for package sysuser-tools # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: sysuser-tools -Version: 3.1 +Version: 3.3 Release: 0 Summary: Auto provides for system users License: MIT @@ -42,12 +42,6 @@ Group: System/Packages Requires(pre): (/usr/sbin/useradd or busybox) # prefer original shadow over busybox by default Suggests: shadow -# sysusers2shdow uses sysusers2shadow uses systemd-sysusers if available. And we might pass --replace to it -# --replace only appeared in systemd 238,so we want to ensure: if we have systemd, it must be recent enough -# the Requires(pre) statement is to ensure we get it at any moment recent enough, not only at the end of -# transactions, otherwise upgrades might randomly fail -Requires(pre): (systemd >= 238 if systemd) -Requires: (systemd >= 238 if systemd) %description -n sysuser-shadow This package contians a tool, which expects as input a sysusers.d @@ -78,7 +72,7 @@ m me nogroup EOF cat < expected-account-pre -/usr/sbin/sysusers2shadow me.conf <<"EOF" || [ -f /.buildenv ] +/usr/sbin/sysusers2shadow me.conf <<"EOF" u me - "myself" /dev/null m me nogroup g asdf diff --git a/sysusers-generate-pre b/sysusers-generate-pre index 824ba71..bd1f8d7 100644 --- a/sysusers-generate-pre +++ b/sysusers-generate-pre @@ -1,6 +1,6 @@ #!/bin/bash # pass systemd sysusers config paths as argument to this script. -echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\" || [ -f /.buildenv ]" +echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\"" (while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1" echo 'EOF' diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh index 1cbfa44..24316f5 100644 --- a/sysusers2shadow.sh +++ b/sysusers2shadow.sh @@ -9,100 +9,124 @@ run() { if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then - if [ -n "$1" ] && [ "$1" != "%3" ]; then - REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||: - fi - # Use systemd-sysusers and let it read the input directly from stdin - run /usr/bin/systemd-sysusers $REPLACE_ARG - + if [ -n "$1" ] && [ "$1" != "%3" ]; then + REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" + fi + # Use systemd-sysusers and let it read the input directly from stdin + if ! run /usr/bin/systemd-sysusers $REPLACE_ARG - ; then + run /usr/bin/systemd-sysusers - + fi else + # Absolute path to busybox, if found + busybox= + for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done - # Absolute path to busybox, if found - busybox= - for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done - - while read LINE - do - # "eval set" to do proper splitting while respecting quotes - eval set -- $LINE - case "${1-}" in - \#*|"") - ;; - g) - shift - ARGUMENTS="$1" - if [ -n "${2-}" ] && [ "$2" != "-" ]; then - ARGUMENTS="-g $2 $ARGUMENTS" - fi - - if ! /usr/bin/getent group "$1" >> /dev/null; then - if [ -x "/usr/sbin/groupadd" ]; then - run /usr/sbin/groupadd -r $ARGUMENTS - elif [ -x "$busybox" ]; then - run $busybox addgroup -S $ARGUMENTS - else - echo "ERROR: neither groupadd nor busybox found!" - exit 1 - fi - fi + while read LINE + do + # "eval set" to do proper splitting while respecting quotes + eval set -- $LINE + case "${1-}" in + \#*|"") ;; - u) - shift - ARGUMENTS="$1" - if [ -n "${2-}" ] && [ "$2" != "-" ]; then - ARGUMENTS="-u $2 $ARGUMENTS" - fi - homedir="/" # If null, empty or '-' - if [ "${4:--}" != "-" ]; then - homedir="$4" - fi - - # Set shell only if not null, empty nor '-' - if [ "${5:--}" != "-" ]; then - ARGUMENTS="$ARGUMENTS -s $5" - else - ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin" - fi - - if [ -x /usr/sbin/useradd ]; then - if ! /usr/bin/getent passwd "$1" >> /dev/null; then - # this is useradd/shadow specific - if /usr/bin/getent group "$1" >> /dev/null; then - ARGUMENTS="-g $1 $ARGUMENTS" - else - ARGUMENTS="-U $ARGUMENTS" + g) + shift + ARGUMENTS="$1" + if [ -n "${2-}" ] && [ "$2" != "-" ]; then + ARGUMENTS="-g $2 $ARGUMENTS" fi - run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS - fi - elif [ -x "$busybox" ]; then - /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1" + if ! /usr/bin/getent group "$1" >> /dev/null; then + if [ -x "/usr/sbin/groupadd" ]; then + run /usr/sbin/groupadd -r $ARGUMENTS + elif [ -x "$busybox" ]; then + run $busybox addgroup -S $ARGUMENTS + else + echo "ERROR: neither groupadd nor busybox found!" + exit 1 + fi + fi + ;; + u|u\!) + if [ "${1}" = "u!" ]; then + EXPIRE_DATE="1970-01-02" + fi - if ! /usr/bin/getent passwd "$1" >> /dev/null; then - run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS - fi - else - echo "ERROR: neither useradd nor busybox found!" - exit 1 - fi + shift + ARGUMENTS="$1" + + if /usr/bin/getent passwd "$1" >> /dev/null; then + continue + fi + + # Split user and Group id. Must work with busybox sh. + case $2 in + (*:*) USER_ID=${2%:*} GROUP_ID=${2##*:};; + (*) USER_ID=$2 GROUP_ID="";; + esac + + if [ -n "$USER_ID" ] && [ "$USER_ID" != "-" ]; then + ARGUMENTS="-u $USER_ID $ARGUMENTS" + fi + + homedir="/" # If null, empty or '-' + if [ "${4:--}" != "-" ]; then + homedir="$4" + fi + + # Set shell only if not null, empty nor '-' + if [ "${5:--}" != "-" ]; then + ARGUMENTS="$ARGUMENTS -s $5" + else + ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin" + fi + + if [ -x /usr/sbin/useradd ]; then + if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then + ARGUMENTS="-g $GROUP_ID $ARGUMENTS" + else + # this is useradd/shadow specific + if /usr/bin/getent group "$1" >> /dev/null; then + ARGUMENTS="-g $1 $ARGUMENTS" + else + ARGUMENTS="-U $ARGUMENTS" + fi + fi + + run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS + if [ -n "$EXPIRE_DATE" ]; then + TZ=UTC chage -E "$EXPIRE_DATE" "$1" + fi + elif [ -x "$busybox" ]; then + if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then + run $busybox adduser -S -H -g "$3" -G "GROUP_ID" -h "${homedir}" $ARGUMENTS + else + /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1" + + run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS + fi + else + echo "ERROR: neither useradd nor busybox found!" + exit 1 + fi ;; - m) - shift - if [ -x /usr/sbin/usermod ] ; then - run /usr/sbin/usermod -a -G $2 $1 - elif [ -x "$busybox" ]; then - run $busybox addgroup $1 $2 - else - echo "ERROR: neither usermod nor busybox found!" - exit 1 - fi + m) + shift + if [ -x /usr/sbin/usermod ] ; then + run /usr/sbin/usermod -a -G "$2" "$1" + elif [ -x "$busybox" ]; then + run $busybox addgroup "$1" "$2" + else + echo "ERROR: neither usermod nor busybox found!" + exit 1 + fi ;; - r) - echo "range option ignored: \"$LINE\"" + r) + echo "range option ignored: \"$LINE\"" ;; - *) - echo "Syntax Error: \"$LINE\"" - exit 1 + *) + echo "Syntax Error: \"$LINE\"" + exit 1 ;; - esac - done + esac + done fi