commit dc1aec1fdb10af6724c48894569d7052edcc8e4ed71c680730e8a7662a4056da Author: Adrian Schröter Date: Sat May 4 01:02:39 2024 +0200 Sync from SUSE:SLFO:Main sysuser-tools revision eb26b56f0964ea0968ba1a6460d656c9 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/macros.sysusers b/macros.sysusers new file mode 100644 index 0000000..f353b1b --- /dev/null +++ b/macros.sysusers @@ -0,0 +1,24 @@ +# -*- Mode: makefile; indent-tabs-mode: t -*- */ +# RPM macros for packages creating system accounts +# +### +# +# When a package creates a system account, it should use the following macros: +# +# add %sysusers_requires in the package section +# +# add "%sysusers_generate_pre []" to build section +# +## is the source file as defined in the spec file header +## is just a random name, the output file will be ".pre" +## is the name of the configuration file as stored in +## /usr/lib/sysusers.d/ +# +# add "%pre -f .pre" to spec file +# +### + +%sysusers_requires Requires(pre): sysuser-shadow >= 3.1 + +%sysusers_generate_pre() \ +%{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" >> "%2".pre diff --git a/sysuser-tools.changes b/sysuser-tools.changes new file mode 100644 index 0000000..244457c --- /dev/null +++ b/sysuser-tools.changes @@ -0,0 +1,229 @@ +------------------------------------------------------------------- +Tue Sep 6 15:49:48 UTC 2022 - Callum Farmer + +- Use append so if a pre file already exists it isn't overridden + +------------------------------------------------------------------- +Tue Feb 1 12:58:30 UTC 2022 - Dirk Müller + +- invoke bash for bash scripts (bsc#1195391) + +------------------------------------------------------------------- +Wed Sep 8 09:12:05 UTC 2021 - Thorsten Kukuk + +- Add support for new shell field [bsc#1189518] + +------------------------------------------------------------------- +Thu Jul 15 06:45:15 UTC 2021 - Thorsten Kukuk + +- Use /bin/bash for sysusers-generate-pre + +------------------------------------------------------------------- +Tue Jun 29 13:08:44 UTC 2021 - Dan Čermák + +- Remove usage of grep from sysusers-generate-pre +- Add a simple test of sysusers-generate-pre to %check + +------------------------------------------------------------------- +Mon Jun 21 09:56:17 UTC 2021 - Dominique Leuenberger + +- Bump version up to 3.1. The --replace parameter only appeared in + systemd 238, so we need to ensure to get the update order correct + for sysuser-generate when using the 3rd command line parameters: + * systemd -> sysuser-tools -> system-{user|group}-FOO. +- Add dependency on systemd >=238 if systemd is installed to + sysuser-shadow +- update sysuser_requires to request sysuser-shadow 3.1 + +------------------------------------------------------------------- +Mon Jun 7 11:11:27 UTC 2021 - Thorsten Kukuk + +- Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option +- sysusers-generate-pre: only use first argument for grep +- sysusers2shadow.sh: use "run" prefix for systemd-sysusers call +- macros.sysusers: fix typo + +------------------------------------------------------------------- +Sat May 8 13:19:03 UTC 2021 - Callum Farmer + +- Use /usr/sbin/nologin instead of /sbin/nologin + +------------------------------------------------------------------- +Mon Feb 15 07:30:25 UTC 2021 - Thorsten Kukuk + +- Don't abort on unbound first argument + +------------------------------------------------------------------- +Thu Feb 11 13:54:01 UTC 2021 - Thorsten Kukuk + +- Remove sysusers/nscd workaround + +------------------------------------------------------------------- +Fri Jan 29 13:36:08 UTC 2021 - Thorsten Kukuk + +- Use systemd-sysusers only if /proc is mounted, don't require it + +------------------------------------------------------------------- +Wed Jan 27 13:02:13 UTC 2021 - Thorsten Kukuk + +- Set --replace option for systemd-sysusers + +------------------------------------------------------------------- +Wed Jan 20 15:06:51 UTC 2021 - Thorsten Kukuk + +- Ignore nscd return code + +------------------------------------------------------------------- +Tue Jan 19 15:15:41 UTC 2021 - Thorsten Kukuk + +- If systemd-sysusers is used to create a new user/group, invalidate + the nscd passwd and group cache to make the new user/group + visible immediately as workaround [bsc#1181121]. + Needs to be removed after sytemd-sysusers get's fixed, since we + invalidate the cache even if the user/group file wasn't changed. + +------------------------------------------------------------------- +Sun Jan 17 21:16:25 UTC 2021 - Thorsten Kukuk + +- An "u" in a sysusers.d file will create an user and a group. + Create provides for both, user and group. + +------------------------------------------------------------------- +Thu Jan 14 14:30:20 UTC 2021 - Thorsten Kukuk + +- Use systemd-sysusers as default to create and update the user + account. Fixes the problem that a modified sysusers config file + get's ignored by useradd and adduser [bsc#1180549]. + +------------------------------------------------------------------- +Fri Dec 4 10:54:00 UTC 2020 - Ludwig Nussel + +- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets + installed before. +- suggest shadow where useradd_or_adduser_dep is actually required + +------------------------------------------------------------------- +Fri Sep 18 10:32:53 UTC 2020 - Fabian Vogt + +- Avoid useless use of cat +- Simplify %sysusers_requires +- Drop shebang, rpm passes it to /bin/sh itself + +------------------------------------------------------------------- +Fri Aug 21 15:09:13 UTC 2020 - Thorsten Kukuk + +- Packages providing users need /usr/bin/cat installed to create + them. Add that to the PreRequires. + +------------------------------------------------------------------- +Fri Aug 21 12:43:43 UTC 2020 - Thorsten Kukuk + +- Create system groups for system users + +------------------------------------------------------------------- +Wed Mar 25 07:53:55 UTC 2020 - Fabian Vogt + +- Fix bug introduced by simplification of check for useradd -g +- Refactor use of sed away + +------------------------------------------------------------------- +Tue Mar 24 10:01:39 UTC 2020 - Fabian Vogt + +- Use eval set -- $LINE instead of read for parsing + +------------------------------------------------------------------- +Fri Mar 20 10:08:43 UTC 2020 - Fabian Vogt + +- Clean up sysusers2shadow and make it use only /bin/sh +- Don't let busybox adduser create the home directory, it breaks + permissions of e.g. /sbin (home of daemon) +- Use only /bin/sh in sysusers-generate-pre and the generated code + +------------------------------------------------------------------- +Tue Mar 17 10:12:15 UTC 2020 - Fabian Vogt + +- Drop use of tail from the generated %pre scriptlets + +------------------------------------------------------------------- +Sun Dec 29 19:16:13 UTC 2019 - kukuk@suse.de + +- Look for /bin/busybox, too +- Add special handling for busybox and groups + +------------------------------------------------------------------- +Fri Jul 26 13:28:27 CEST 2019 - kukuk@suse.de + +- Use suggests shadow to prefer that over busybox in normal systems + +------------------------------------------------------------------- +Thu Jul 25 16:00:35 CEST 2019 - kukuk@suse.de + +- Add support for busybox adduser/addgroup +- Change requirements from shadow to useradd_or_adduser_dep + +------------------------------------------------------------------- +Thu May 9 13:23:56 CEST 2019 - kukuk@suse.de + +- Fix default home directory [bsc#1105934] +- Use _rpmmacrodir for macro file + +------------------------------------------------------------------- +Mon Oct 9 13:51:42 UTC 2017 - dimstar@opensuse.org + +- Further enhance sysusers-generate-pre: inside the build + environment, it can be acceptable to be failing to create the + users (e.g when building sysuser-tools or system-user-root, since + those two packages have to be speificallty excluded). Always + return with error code 0 if /.buildenv exists. + +------------------------------------------------------------------- +Wed Sep 27 11:06:52 UTC 2017 - dimstar@opensuse.org + +- sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod + call fails: the resulting system is quite undefined if this + should happen. +- sysusers-generate-pre: exit the pre script with the exit code + of sysusers2shadow.sh. + +------------------------------------------------------------------- +Mon Jun 19 14:07:51 CEST 2017 - kukuk@suse.de + +- sysuser-tools needs to require sysuser-shadow + +------------------------------------------------------------------- +Mon Jun 19 13:48:34 CEST 2017 - kukuk@suse.de + +- Add requires for shadow to sysuser-shadow + +------------------------------------------------------------------- +Sun Jun 18 18:07:24 CEST 2017 - kukuk@suse.de + +- Put helper script into own subpackage + +------------------------------------------------------------------- +Sat Jun 17 09:20:09 CEST 2017 - kukuk@suse.de + +- Convert sysusers config file to shadow arguments and use + shadow suite to create user and groups. Fixes [bsc#1041497] and + serveral dependency loops. + +------------------------------------------------------------------- +Tue May 30 10:07:45 CEST 2017 - kukuk@suse.de + +- Don't ignore errors of systemd-sysusers [bsc#1039708] + +------------------------------------------------------------------- +Wed Mar 15 14:46:43 CET 2017 - kukuk@suse.de + +- Don't remove 'm' and 'r' entries from sysusers configuration + +------------------------------------------------------------------- +Fri Jan 20 13:04:51 CET 2017 - kukuk@suse.de + +- Add macros.sysusers + +------------------------------------------------------------------- +Wed Dec 21 16:09:05 UTC 2016 - lnussel@suse.de + +- initial package + diff --git a/sysuser-tools.spec b/sysuser-tools.spec new file mode 100644 index 0000000..ee9d35e --- /dev/null +++ b/sysuser-tools.spec @@ -0,0 +1,104 @@ +# +# spec file for package sysuser-tools +# +# Copyright (c) 2022 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: sysuser-tools +Version: 3.1 +Release: 0 +Summary: Auto provides for system users +License: MIT +Group: System/Packages +Source: sysusers.prov +Source1: sysusers.attr +Source2: sysusers-generate-pre +Source3: macros.sysusers +Source4: sysusers2shadow.sh +BuildArch: noarch +Requires: sysuser-shadow +#!BuildIgnore: sysuser-shadow +#!BuildIgnore: sysuser-tools +BuildRequires: diffutils + +%description +Generate auto provides for system users. + +%package -n sysuser-shadow +Summary: Tool to execute sysusers.d with shadow utilities +Group: System/Packages +Requires(pre): (/usr/sbin/useradd or busybox) +# prefer original shadow over busybox by default +Suggests: shadow +# sysusers2shdow uses sysusers2shadow uses systemd-sysusers if available. And we might pass --replace to it +# --replace only appeared in systemd 238,so we want to ensure: if we have systemd, it must be recent enough +# the Requires(pre) statement is to ensure we get it at any moment recent enough, not only at the end of +# transactions, otherwise upgrades might randomly fail +Requires(pre): (systemd >= 238 if systemd) +Requires: (systemd >= 238 if systemd) + +%description -n sysuser-shadow +This package contians a tool, which expects as input a sysusers.d +configuration file and uses the shadow suite to create the users +and groups from it like systemd-sysusers would do. + +%prep +%setup -qcT + +%build + +%install +install -D -m 755 %{SOURCE0} %{buildroot}%{_prefix}/lib/rpm/sysusers.prov +install -D -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/rpm/fileattrs/sysusers.attr +install -D -m 755 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/sysusers-generate-pre +install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmmacrodir}/macros.sysusers +install -D -m 755 %{SOURCE4} %{buildroot}%{_sbindir}/sysusers2shadow + +%check +mkdir -p subdir +cat < subdir/me.conf +# Type Name ID GECOS [HOME] Shell + u me - "myself" /dev/null +m me nogroup +# foobar + g asdf + z welp invalid +EOF + +cat < expected-account-pre +/usr/sbin/sysusers2shadow me.conf <<"EOF" || [ -f /.buildenv ] +u me - "myself" /dev/null +m me nogroup +g asdf +EOF +EOFF + +# copy pasta from macros.sysusers because the script sysusers-generate-pre is not in /usr/lib/rpm yet +bash %{SOURCE2} $(pwd)/subdir/me.conf me.conf > account.pre + +diff account.pre expected-account-pre + +%files +%defattr(-,root,root) +%{_rpmmacrodir}/macros.sysusers +%{_prefix}/lib/rpm/sysusers.prov +%{_prefix}/lib/rpm/fileattrs/sysusers.attr +%{_prefix}/lib/rpm/sysusers-generate-pre + +%files -n sysuser-shadow +%defattr(-,root,root) +%{_sbindir}/sysusers2shadow + +%changelog diff --git a/sysusers-generate-pre b/sysusers-generate-pre new file mode 100644 index 0000000..824ba71 --- /dev/null +++ b/sysusers-generate-pre @@ -0,0 +1,6 @@ +#!/bin/bash +# pass systemd sysusers config paths as argument to this script. + +echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\" || [ -f /.buildenv ]" +(while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1" +echo 'EOF' diff --git a/sysusers.attr b/sysusers.attr new file mode 100644 index 0000000..c3c7e3a --- /dev/null +++ b/sysusers.attr @@ -0,0 +1,2 @@ +%__sysusers_provides %{_rpmconfigdir}/sysusers.prov +%__sysusers_path ^%{_prefix}/lib/sysusers.d/.*\\.conf$ diff --git a/sysusers.prov b/sysusers.prov new file mode 100644 index 0000000..365eb31 --- /dev/null +++ b/sysusers.prov @@ -0,0 +1,21 @@ +#!/bin/bash + +parse() +{ + while read line; do + [ "${line:0:1}" != '#' ] || continue + line="${line## *}" + [ -n "$line" ] || continue + set -- $line + if [ "$1" = 'g' ]; then + echo "group($2)" + elif [ "$1" = 'u' ]; then + echo "user($2)" + echo "group($2)" + fi + done +} + +while read fn; do + parse < "$fn" +done diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh new file mode 100644 index 0000000..1cbfa44 --- /dev/null +++ b/sysusers2shadow.sh @@ -0,0 +1,108 @@ +#!/bin/sh +set -e + +# Print the command and run it +run() { + echo "$@" + "$@" +} + +if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then + + if [ -n "$1" ] && [ "$1" != "%3" ]; then + REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||: + fi + # Use systemd-sysusers and let it read the input directly from stdin + run /usr/bin/systemd-sysusers $REPLACE_ARG - +else + + # Absolute path to busybox, if found + busybox= + for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done + + while read LINE + do + # "eval set" to do proper splitting while respecting quotes + eval set -- $LINE + case "${1-}" in + \#*|"") + ;; + g) + shift + ARGUMENTS="$1" + if [ -n "${2-}" ] && [ "$2" != "-" ]; then + ARGUMENTS="-g $2 $ARGUMENTS" + fi + + if ! /usr/bin/getent group "$1" >> /dev/null; then + if [ -x "/usr/sbin/groupadd" ]; then + run /usr/sbin/groupadd -r $ARGUMENTS + elif [ -x "$busybox" ]; then + run $busybox addgroup -S $ARGUMENTS + else + echo "ERROR: neither groupadd nor busybox found!" + exit 1 + fi + fi + ;; + u) + shift + ARGUMENTS="$1" + if [ -n "${2-}" ] && [ "$2" != "-" ]; then + ARGUMENTS="-u $2 $ARGUMENTS" + fi + homedir="/" # If null, empty or '-' + if [ "${4:--}" != "-" ]; then + homedir="$4" + fi + + # Set shell only if not null, empty nor '-' + if [ "${5:--}" != "-" ]; then + ARGUMENTS="$ARGUMENTS -s $5" + else + ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin" + fi + + if [ -x /usr/sbin/useradd ]; then + if ! /usr/bin/getent passwd "$1" >> /dev/null; then + # this is useradd/shadow specific + if /usr/bin/getent group "$1" >> /dev/null; then + ARGUMENTS="-g $1 $ARGUMENTS" + else + ARGUMENTS="-U $ARGUMENTS" + fi + + run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS + fi + elif [ -x "$busybox" ]; then + /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1" + + if ! /usr/bin/getent passwd "$1" >> /dev/null; then + run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS + fi + else + echo "ERROR: neither useradd nor busybox found!" + exit 1 + fi + ;; + m) + shift + if [ -x /usr/sbin/usermod ] ; then + run /usr/sbin/usermod -a -G $2 $1 + elif [ -x "$busybox" ]; then + run $busybox addgroup $1 $2 + else + echo "ERROR: neither usermod nor busybox found!" + exit 1 + fi + ;; + r) + echo "range option ignored: \"$LINE\"" + ;; + *) + echo "Syntax Error: \"$LINE\"" + exit 1 + ;; + esac + done +fi