SLFO-pool/sysuser-tools
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main sysuser-tools revision 3d091025a2bc9b37c2f3626823ae3de0

Browse Source
This commit is contained in:
Adrian Schröter 2025-02-25 18:53:14 +01:00
parent dc1aec1fdb
commit 20c4cf2274
5 changed files with 204 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
macros.sysusers
View File

@ -5,7 +5,7 @@
# #
# When a package creates a system account, it should use the following macros: # When a package creates a system account, it should use the following macros:
# #
# add %sysusers_requires in the package section # add %?sysusers_requires in the package section
# #
# add "%sysusers_generate_pre <source file> <account> [<config>]" to build section # add "%sysusers_generate_pre <source file> <account> [<config>]" to build section
# #
@ -18,7 +18,7 @@
# #
### ###
%sysusers_requires Requires(pre): sysuser-shadow >= 3.1 %sysusers_requires Requires(pre): sysuser-shadow >= 3.2
%sysusers_generate_pre() \ %sysusers_generate_pre() \
%{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" >> "%2".pre %{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" >> "%2".pre

88
sysuser-tools.changes
View File

@ -1,3 +1,85 @@
-------------------------------------------------------------------
Mon Jan 27 16:41:20 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
- Add support for "u!" with useradd (shadow). busybox has no
support for account/password expiration
-------------------------------------------------------------------
Wed Dec 11 11:05:25 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Directly check return value of systemd-sysusers
-------------------------------------------------------------------
Mon Dec 9 06:30:23 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Drop SLE15 support and remove disable-systemd-sysusers.patch
-------------------------------------------------------------------
Mon Dec 9 05:59:25 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- sysuser-shadow: remove systemd 238 dependency, this does not
work in a single RPM transaction [bsc#1234277]. Call
systemd-sysuser instead again without --replace.
-------------------------------------------------------------------
Wed Aug 7 13:42:07 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Remove check for .buildenv to see failures in OBS
-------------------------------------------------------------------
Wed Aug 7 10:04:38 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- usermod: revert renamed arguments
-------------------------------------------------------------------
Mon Aug 5 14:25:14 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Implement UID:GID support for busybox
- Reenable UID:GID support
-------------------------------------------------------------------
Sat Aug 3 06:09:03 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Disable UID:GID support for now
-------------------------------------------------------------------
Fri Aug 2 12:18:53 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- UID:GID: don't create group with GID if it does not exist
-------------------------------------------------------------------
Fri Aug 2 08:24:06 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Rewrite UID:GID support to work with busybox and fix it for useradd
-------------------------------------------------------------------
Mon Jul 1 15:01:19 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Allow setting of UID:GID for as defined in sysusers.d
-------------------------------------------------------------------
Tue Nov 7 10:07:20 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
-------------------------------------------------------------------
Tue Jul 18 18:18:18 UTC 2023 - olaf@aepfle.de
- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
Always create a system group of the same name as the system user,
even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)
-------------------------------------------------------------------
Mon Jul 17 17:17:17 UTC 2023 - olaf@aepfle.de
- Add "quilt setup" friendly hint to %sysusers_requires usage
It is not required to have sysuser-tools installed when working
with a pkg source which uses sysuser-tools at build time.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 6 15:49:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org> Tue Sep 6 15:49:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
@ -8,6 +90,12 @@ Tue Feb 1 12:58:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
- invoke bash for bash scripts (bsc#1195391) - invoke bash for bash scripts (bsc#1195391)
-------------------------------------------------------------------
Fri Nov 26 09:43:02 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Disable systemd-sysuser on SLE15 to stay compatible
(disable-systemd-sysusers.patch)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 8 09:12:05 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> Wed Sep 8 09:12:05 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

12
sysuser-tools.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package sysuser-tools # spec file for package sysuser-tools
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: sysuser-tools Name: sysuser-tools
Version: 3.1 Version: 3.3
Release: 0 Release: 0
Summary: Auto provides for system users Summary: Auto provides for system users
License: MIT License: MIT
@ -42,12 +42,6 @@ Group: System/Packages
Requires(pre): (/usr/sbin/useradd or busybox) Requires(pre): (/usr/sbin/useradd or busybox)
# prefer original shadow over busybox by default # prefer original shadow over busybox by default
Suggests: shadow Suggests: shadow
# sysusers2shdow uses sysusers2shadow uses systemd-sysusers if available. And we might pass --replace to it
# --replace only appeared in systemd 238,so we want to ensure: if we have systemd, it must be recent enough
# the Requires(pre) statement is to ensure we get it at any moment recent enough, not only at the end of
# transactions, otherwise upgrades might randomly fail
Requires(pre): (systemd >= 238 if systemd)
Requires: (systemd >= 238 if systemd)
%description -n sysuser-shadow %description -n sysuser-shadow
This package contians a tool, which expects as input a sysusers.d This package contians a tool, which expects as input a sysusers.d
@ -78,7 +72,7 @@ m me nogroup
EOF EOF
cat <<EOFF > expected-account-pre cat <<EOFF > expected-account-pre
/usr/sbin/sysusers2shadow me.conf <<"EOF" || [ -f /.buildenv ] /usr/sbin/sysusers2shadow me.conf <<"EOF"
u me - "myself" /dev/null u me - "myself" /dev/null
m me nogroup m me nogroup
g asdf g asdf

2
sysusers-generate-pre
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# pass systemd sysusers config paths as argument to this script. # pass systemd sysusers config paths as argument to this script.
echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\" || [ -f /.buildenv ]" echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\""
(while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1" (while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1"
echo 'EOF' echo 'EOF'

196
sysusers2shadow.sh
View File

@ -9,100 +9,124 @@ run() {
if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then
if [ -n "$1" ] && [ "$1" != "%3" ]; then if [ -n "$1" ] && [ "$1" != "%3" ]; then
REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||: REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1"
fi fi
# Use systemd-sysusers and let it read the input directly from stdin # Use systemd-sysusers and let it read the input directly from stdin
run /usr/bin/systemd-sysusers $REPLACE_ARG - if ! run /usr/bin/systemd-sysusers $REPLACE_ARG - ; then
run /usr/bin/systemd-sysusers -
fi
else else
# Absolute path to busybox, if found
busybox=
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
# Absolute path to busybox, if found while read LINE
busybox= do
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done # "eval set" to do proper splitting while respecting quotes
eval set -- $LINE
while read LINE case "${1-}" in
do \#*|"")
# "eval set" to do proper splitting while respecting quotes
eval set -- $LINE
case "${1-}" in
\#*|"")
;;
g)
shift
ARGUMENTS="$1"
if [ -n "${2-}" ] && [ "$2" != "-" ]; then
ARGUMENTS="-g $2 $ARGUMENTS"
fi
if ! /usr/bin/getent group "$1" >> /dev/null; then
if [ -x "/usr/sbin/groupadd" ]; then
run /usr/sbin/groupadd -r $ARGUMENTS
elif [ -x "$busybox" ]; then
run $busybox addgroup -S $ARGUMENTS
else
echo "ERROR: neither groupadd nor busybox found!"
exit 1
fi
fi
;; ;;
u) g)
shift shift
ARGUMENTS="$1" ARGUMENTS="$1"
if [ -n "${2-}" ] && [ "$2" != "-" ]; then if [ -n "${2-}" ] && [ "$2" != "-" ]; then
ARGUMENTS="-u $2 $ARGUMENTS" ARGUMENTS="-g $2 $ARGUMENTS"
fi
homedir="/" # If null, empty or '-'
if [ "${4:--}" != "-" ]; then
homedir="$4"
fi
# Set shell only if not null, empty nor '-'
if [ "${5:--}" != "-" ]; then
ARGUMENTS="$ARGUMENTS -s $5"
else
ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin"
fi
if [ -x /usr/sbin/useradd ]; then
if ! /usr/bin/getent passwd "$1" >> /dev/null; then
# this is useradd/shadow specific
if /usr/bin/getent group "$1" >> /dev/null; then
ARGUMENTS="-g $1 $ARGUMENTS"
else
ARGUMENTS="-U $ARGUMENTS"
fi fi
run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS if ! /usr/bin/getent group "$1" >> /dev/null; then
fi if [ -x "/usr/sbin/groupadd" ]; then
elif [ -x "$busybox" ]; then run /usr/sbin/groupadd -r $ARGUMENTS
/usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1" elif [ -x "$busybox" ]; then
run $busybox addgroup -S $ARGUMENTS
else
echo "ERROR: neither groupadd nor busybox found!"
exit 1
fi
fi
;;
u|u\!)
if [ "${1}" = "u!" ]; then
EXPIRE_DATE="1970-01-02"
fi
if ! /usr/bin/getent passwd "$1" >> /dev/null; then shift
run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS ARGUMENTS="$1"
fi
else if /usr/bin/getent passwd "$1" >> /dev/null; then
echo "ERROR: neither useradd nor busybox found!" continue
exit 1 fi
fi
# Split user and Group id. Must work with busybox sh.
case $2 in
(*:*) USER_ID=${2%:*} GROUP_ID=${2##*:};;
(*) USER_ID=$2 GROUP_ID="";;
esac
if [ -n "$USER_ID" ] && [ "$USER_ID" != "-" ]; then
ARGUMENTS="-u $USER_ID $ARGUMENTS"
fi
homedir="/" # If null, empty or '-'
if [ "${4:--}" != "-" ]; then
homedir="$4"
fi
# Set shell only if not null, empty nor '-'
if [ "${5:--}" != "-" ]; then
ARGUMENTS="$ARGUMENTS -s $5"
else
ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin"
fi
if [ -x /usr/sbin/useradd ]; then
if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then
ARGUMENTS="-g $GROUP_ID $ARGUMENTS"
else
# this is useradd/shadow specific
if /usr/bin/getent group "$1" >> /dev/null; then
ARGUMENTS="-g $1 $ARGUMENTS"
else
ARGUMENTS="-U $ARGUMENTS"
fi
fi
run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS
if [ -n "$EXPIRE_DATE" ]; then
TZ=UTC chage -E "$EXPIRE_DATE" "$1"
fi
elif [ -x "$busybox" ]; then
if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then
run $busybox adduser -S -H -g "$3" -G "GROUP_ID" -h "${homedir}" $ARGUMENTS
else
/usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1"
run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS
fi
else
echo "ERROR: neither useradd nor busybox found!"
exit 1
fi
;; ;;
m) m)
shift shift
if [ -x /usr/sbin/usermod ] ; then if [ -x /usr/sbin/usermod ] ; then
run /usr/sbin/usermod -a -G $2 $1 run /usr/sbin/usermod -a -G "$2" "$1"
elif [ -x "$busybox" ]; then elif [ -x "$busybox" ]; then
run $busybox addgroup $1 $2 run $busybox addgroup "$1" "$2"
else else
echo "ERROR: neither usermod nor busybox found!" echo "ERROR: neither usermod nor busybox found!"
exit 1 exit 1
fi fi
;; ;;
r) r)
echo "range option ignored: \"$LINE\"" echo "range option ignored: \"$LINE\""
;; ;;
*) *)
echo "Syntax Error: \"$LINE\"" echo "Syntax Error: \"$LINE\""
exit 1 exit 1
;; ;;
esac esac
done done
fi fi