diff --git a/macros.sysusers b/macros.sysusers index d96156c..394c4af 100644 --- a/macros.sysusers +++ b/macros.sysusers @@ -7,7 +7,12 @@ # # add %sysusers_requires in the package section # -# add "%sysusers_generate_pre " to build section +# add "%sysusers_generate_pre []" to build section +# +## is the source file as defined in the spec file header +## is just a random name, th output file will be ".pre" +## is the name of the configuration file as stored in +## /usr/lib/sysusers.d/ # # add "%pre -f .pre" to spec file # @@ -16,4 +21,4 @@ %sysusers_requires Requires(pre): sysuser-shadow %sysusers_generate_pre() \ -%{_prefix}/lib/rpm/sysusers-generate-pre "%1" > "%2".pre +%{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" > "%2".pre diff --git a/sysuser-tools.changes b/sysuser-tools.changes index fa98239..0c2810d 100644 --- a/sysuser-tools.changes +++ b/sysuser-tools.changes @@ -1,3 +1,50 @@ +------------------------------------------------------------------- +Mon Feb 15 07:30:25 UTC 2021 - Thorsten Kukuk + +- Don't abort on unbound first argument + +------------------------------------------------------------------- +Thu Feb 11 13:54:01 UTC 2021 - Thorsten Kukuk + +- Remove sysusers/nscd workaround + +------------------------------------------------------------------- +Fri Jan 29 13:36:08 UTC 2021 - Thorsten Kukuk + +- Use systemd-sysusers only if /proc is mounted, don't require it + +------------------------------------------------------------------- +Wed Jan 27 13:02:13 UTC 2021 - Thorsten Kukuk + +- Set --replace option for systemd-sysusers + +------------------------------------------------------------------- +Wed Jan 20 15:06:51 UTC 2021 - Thorsten Kukuk + +- Ignore nscd return code + +------------------------------------------------------------------- +Tue Jan 19 15:15:41 UTC 2021 - Thorsten Kukuk + +- If systemd-sysusers is used to create a new user/group, invalidate + the nscd passwd and group cache to make the new user/group + visible immediately as workaround [bsc#1181121]. + Needs to be removed after sytemd-sysusers get's fixed, since we + invalidate the cache even if the user/group file wasn't changed. + +------------------------------------------------------------------- +Sun Jan 17 21:16:25 UTC 2021 - Thorsten Kukuk + +- An "u" in a sysusers.d file will create an user and a group. + Create provides for both, user and group. + +------------------------------------------------------------------- +Thu Jan 14 14:30:20 UTC 2021 - Thorsten Kukuk + +- Use systemd-sysusers as default to create and update the user + account. Fixes the problem that a modified sysusers config file + get's ignored by useradd and adduser [bsc#1180549]. + ------------------------------------------------------------------- Fri Dec 4 10:54:00 UTC 2020 - Ludwig Nussel diff --git a/sysuser-tools.spec b/sysuser-tools.spec index 0914189..a8505a0 100644 --- a/sysuser-tools.spec +++ b/sysuser-tools.spec @@ -1,7 +1,7 @@ # # spec file for package sysuser-tools # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,7 +38,7 @@ Generate auto provides for system users. %package -n sysuser-shadow Summary: Tool to execute sysusers.d with shadow utilities Group: System/Packages -PreReq: useradd_or_adduser_dep +Requires(pre): (/usr/sbin/useradd or busybox) # prefer original shadow over busybox by default Suggests: shadow diff --git a/sysusers-generate-pre b/sysusers-generate-pre index 4cc2620..9d6897e 100644 --- a/sysusers-generate-pre +++ b/sysusers-generate-pre @@ -1,6 +1,6 @@ #!/bin/sh # pass systemd sysusers config paths as argument to this script. -echo '/usr/sbin/sysusers2shadow <<"EOF" || [ -f /.buildenv ]' +echo "/usr/sbin/sysusers2shadow $3 <<\"EOF\" || [ -f /.buildenv ]" grep -he '^[ugmr]' "$@" echo 'EOF' diff --git a/sysusers.prov b/sysusers.prov index 88c8bb0..365eb31 100644 --- a/sysusers.prov +++ b/sysusers.prov @@ -11,6 +11,7 @@ parse() echo "group($2)" elif [ "$1" = 'u' ]; then echo "user($2)" + echo "group($2)" fi done } diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh index 6440475..7988133 100644 --- a/sysusers2shadow.sh +++ b/sysusers2shadow.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -eu +set -e # Print the command and run it run() { @@ -7,85 +7,95 @@ run() { "$@" } -# Absolute path to busybox, if found -busybox= -for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done +if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then -while read LINE -do + if [ -n "$1" ]; then + REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||: + fi + # Use systemd-sysusers and let it read the input directly from stdin + /usr/bin/systemd-sysusers $REPLACE_ARG - +else + + # Absolute path to busybox, if found + busybox= + for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done + + while read LINE + do # "eval set" to do proper splitting while respecting quotes eval set -- $LINE case "${1-}" in - \#*|"") - ;; - g) + \#*|"") + ;; + g) shift ARGUMENTS="$1" if [ -n "${2-}" ] && [ "$2" != "-" ]; then - ARGUMENTS="-g $2 $ARGUMENTS" + ARGUMENTS="-g $2 $ARGUMENTS" fi if ! /usr/bin/getent group "$1" >> /dev/null; then - if [ -x "/usr/sbin/groupadd" ]; then - run /usr/sbin/groupadd -r $ARGUMENTS - elif [ -x "$busybox" ]; then - run $busybox addgroup -S $ARGUMENTS - else - echo "ERROR: neither groupadd nor busybox found!" - exit 1 - fi + if [ -x "/usr/sbin/groupadd" ]; then + run /usr/sbin/groupadd -r $ARGUMENTS + elif [ -x "$busybox" ]; then + run $busybox addgroup -S $ARGUMENTS + else + echo "ERROR: neither groupadd nor busybox found!" + exit 1 + fi fi ;; - u) + u) shift ARGUMENTS="$1" if [ -n "${2-}" ] && [ "$2" != "-" ]; then - ARGUMENTS="-u $2 $ARGUMENTS" + ARGUMENTS="-u $2 $ARGUMENTS" fi homedir="/" # If null, empty or '-' if [ "${4:--}" != "-" ]; then - homedir="$4" + homedir="$4" fi if [ -x /usr/sbin/useradd ]; then - if ! /usr/bin/getent passwd "$1" >> /dev/null; then - # this is useradd/shadow specific - if /usr/bin/getent group "$1" >> /dev/null; then - ARGUMENTS="-g $1 $ARGUMENTS" - else - ARGUMENTS="-U $ARGUMENTS" - fi - - run /usr/sbin/useradd -r -s /sbin/nologin -c "$3" -d "${homedir}" $ARGUMENTS + if ! /usr/bin/getent passwd "$1" >> /dev/null; then + # this is useradd/shadow specific + if /usr/bin/getent group "$1" >> /dev/null; then + ARGUMENTS="-g $1 $ARGUMENTS" + else + ARGUMENTS="-U $ARGUMENTS" fi - elif [ -x "$busybox" ]; then - /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1" - if ! /usr/bin/getent passwd "$1" >> /dev/null; then - run $busybox adduser -S -H -s /sbin/nologin -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS - fi + run /usr/sbin/useradd -r -s /sbin/nologin -c "$3" -d "${homedir}" $ARGUMENTS + fi + elif [ -x "$busybox" ]; then + /usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1" + + if ! /usr/bin/getent passwd "$1" >> /dev/null; then + run $busybox adduser -S -H -s /sbin/nologin -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS + fi else - echo "ERROR: neither useradd nor busybox found!" - exit 1 + echo "ERROR: neither useradd nor busybox found!" + exit 1 fi - ;; - m) + ;; + m) shift if [ -x /usr/sbin/usermod ] ; then - run /usr/sbin/usermod -a -G $2 $1 + run /usr/sbin/usermod -a -G $2 $1 elif [ -x "$busybox" ]; then - run $busybox addgroup $1 $2 + run $busybox addgroup $1 $2 else - echo "ERROR: neither usermod nor busybox found!" - exit 1 + echo "ERROR: neither usermod nor busybox found!" + exit 1 fi - ;; - r) + ;; + r) echo "range option ignored: \"$LINE\"" ;; - *) - echo "Syntax Error: \"$LINE\"" - exit 1 - ;; + *) + echo "Syntax Error: \"$LINE\"" + exit 1 + ;; esac -done + done +fi