Accepting request 788122 from Base:System

OBS-URL: https://build.opensuse.org/request/show/788122
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sysuser-tools?expand=0&rev=9

sysuser-tools.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Mar 25 07:53:55 UTC 2020 - Fabian Vogt <fvogt@suse.com>
+
+- Fix bug introduced by simplification of check for useradd -g
+- Refactor use of sed away
+
+-------------------------------------------------------------------
+Tue Mar 24 10:01:39 UTC 2020 - Fabian Vogt <fvogt@suse.com>
+
+- Use eval set -- $LINE instead of read for parsing
+
+-------------------------------------------------------------------
+Fri Mar 20 10:08:43 UTC 2020 - Fabian Vogt <fvogt@suse.com>
+
+- Clean up sysusers2shadow and make it use only /bin/sh
+- Don't let busybox adduser create the home directory, it breaks
+  permissions of e.g. /sbin (home of daemon)
+- Use only /bin/sh in sysusers-generate-pre and the generated code
+
+-------------------------------------------------------------------
+Tue Mar 17 10:12:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>
+
+- Drop use of tail from the generated %pre scriptlets
+
 -------------------------------------------------------------------
 Sun Dec 29 19:16:13 UTC 2019 - kukuk@suse.de
 

sysuser-tools.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sysuser-tools
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

sysusers-generate-pre

@@ -1,26 +1,8 @@
-#!/bin/bash
+#!/bin/sh
-# pass systemd sysusers config files a as argument to this script.
+# pass systemd sysusers config paths as argument to this script.
-# It will output a shell script that creates those users by
-# appending the data to itself.
 
-tmpfile=`mktemp -q -t sysusers.XXXXXX`
+echo '#!/bin/sh'
-cleanup()
+echo 'cat <<"EOF" |'
-{
+grep -he '^[ugmr]' "$@"
-	rm -f "$tmpfile"
+echo 'EOF'
-}
+echo '/usr/sbin/sysusers2shadow || [ -f /.buildenv ]'
-
-trap cleanup EXIT
-
-for i in "$@"; do
-	grep -e '^[ugmr]' "$i" >> "$tmpfile"
-done
-
-lines=`wc -l < "$tmpfile"`
-
-echo '#!/bin/bash'
-echo "tail -n $lines \$0 | /usr/sbin/sysusers2shadow"
-echo 'RET=$?'
-echo 'test -f /.buildenv && exit 0'
-echo 'exit $RET'
-echo '######## data below ########'
-cat "$tmpfile"

sysusers2shadow.sh

@@ -1,96 +1,90 @@
-#!/bin/bash
+#!/bin/sh
+set -eu
+
+# Print the command and run it
+run() {
+	echo "$@"
+	"$@"
+}
+
+# Absolute path to busybox, if found
+busybox=
+for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
 
 while read LINE
 do
-    case "$LINE" in
+	eval set -- $LINE
+	case "${1-}" in
 	\#*|"")
-	    ;;
+		;;
-	g*)
+	g)
-            eval arr=( $LINE )
+		shift
-            ARGUMENTS="${arr[1]}"
+		ARGUMENTS="$1"
-            if [ ! -z "${arr[2]}" -a "${arr[2]}" != "-" ]; then
+		if [ -n "${2-}" ] && [ "$2" != "-" ]; then
-                ARGUMENTS="-g ${arr[2]} $ARGUMENTS"
+			ARGUMENTS="-g $2 $ARGUMENTS"
-	    fi
+		fi
-	    if [ -x /usr/sbin/groupadd ]; then
+
-		echo "groupadd -r $ARGUMENTS"
+		if ! /usr/bin/getent group "$1" >> /dev/null; then
-		/usr/bin/getent group "${arr[1]}" >> /dev/null || /usr/sbin/groupadd -r $ARGUMENTS || exit $?
+			if [ -x "/usr/sbin/groupadd" ]; then
-	    elif [ -x /usr/bin/busybox ]; then
+				run /usr/sbin/groupadd -r $ARGUMENTS
-		echo "addgroup -S $ARGUMENTS"
+			elif [ -x "$busybox" ]; then
-		/usr/bin/getent group "${arr[1]}" >> /dev/null || /usr/bin/busybox addgroup -S $ARGUMENTS || exit $?
+				run $busybox addgroup -S $ARGUMENTS
-	    elif [ -x /bin/busybox ]; then
+			else
-		echo "addgroup -S $ARGUMENTS"
+				echo "ERROR: neither groupadd nor busybox found!"
-		/usr/bin/getent group "${arr[1]}" >> /dev/null || /bin/busybox addgroup -S $ARGUMENTS || exit $?
+				exit 1
-	    else
+			fi
-		echo "ERROR: neither groupadd nor busybox found!"
+		fi
-		exit 1
+		;;
-	    fi
+	u)
-	    ;;
+		shift
-	u*)
+		ARGUMENTS="$1"
-            eval arr=( $LINE )
+		if [ -n "${2-}" ] && [ "$2" != "-" ]; then
-	    ARGUMENTS="${arr[1]}"
+			ARGUMENTS="-u $2 $ARGUMENTS"
-	    if [ ! -z "${arr[2]}" -a "${arr[2]}" != "-" ]; then
+		fi
-		ARGUMENTS="-u ${arr[2]} $ARGUMENTS"
+		homedir="/" # If null, empty or '-'
-	    fi
+		if [ "${4:--}" != "-" ]; then
-	    if [ ! -z "${arr[4]}" -a "${arr[4]}" != "-" ]; then
+			homedir="$4"
-		ARGUMENTS="-d ${arr[4]} $ARGUMENTS"
+		fi
-	    else
+
-		ARGUMENTS="-d / $ARGUMENTS"
+		if [ -x /usr/sbin/useradd ]; then
-	    fi
+			if ! /usr/bin/getent passwd "$1" >> /dev/null; then
-	    if [ -x /usr/sbin/useradd ]; then
+				# this is useradd/shadow specific
-		# this is useradd/shadow specific
+				if /usr/bin/getent group "$1" >> /dev/null; then
-		/usr/bin/getent group ${arr[1]} >> /dev/null
+					ARGUMENTS="-g $1 $ARGUMENTS"
-		if [ $? -eq 0 ]; then
+				else
-              	    ARGUMENTS="-g ${arr[1]} $ARGUMENTS"
+					ARGUMENTS="-U $ARGUMENTS"
+				fi
+			
+				run /usr/sbin/useradd -r -s /sbin/nologin -c "$3" -d "${homedir}" $ARGUMENTS
+			fi
+		elif [ -x "$busybox" ]; then
+			/usr/bin/getent group "$1" >> /dev/null || $busybox addgroup "$1"
+
+			if ! /usr/bin/getent passwd "$1" >> /dev/null; then
+				run $busybox adduser -S -H -s /sbin/nologin -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS
+			fi
 		else
-		    ARGUMENTS="-U $ARGUMENTS"
+			echo "ERROR: neither useradd nor busybox found!"
+			exit 1
 		fi
-		echo "useradd -r -s /sbin/nologin -c \"${arr[3]}\" $ARGUMENTS"
+	    ;;
-		/usr/bin/getent passwd ${arr[1]} >> /dev/null || /usr/sbin/useradd -r -s /sbin/nologin -c "${arr[3]}" $ARGUMENTS || exit $?
+	m)
-	    elif [ -x /usr/bin/busybox ]; then
+		shift
-		/usr/bin/getent group ${arr[1]} >> /dev/null
+		if [ -x /usr/sbin/usermod ] ; then
-		if [ $? -ne 0 ]; then
+				run /usr/sbin/usermod -a -G $2 $1
-		    /usr/bin/busybox addgroup ${arr[1]}
+		elif [ -x "$busybox" ]; then
+				run $busybox addgroup $1 $2
+		else
+				echo "ERROR: neither usermod nor busybox found!"
+				exit 1
 		fi
-              	ARGUMENTS="-G ${arr[1]} $ARGUMENTS"
-		ARGUMENTS=`echo $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g'`
-		echo "adduser -S -s /sbin/nologin -g \"${arr[3]}\" $ARGUMENTS"
-		/usr/bin/getent passwd ${arr[1]} >> /dev/null || /usr/bin/busybox adduser -S -s /sbin/nologin -g "${arr[3]}" $ARGUMENTS || exit $?
-	    elif [ -x /bin/busybox ]; then
-		/usr/bin/getent group ${arr[1]} >> /dev/null
-		if [ $? -ne 0 ]; then
-		    /bin/busybox addgroup ${arr[1]}
-		fi
-              	ARGUMENTS="-G ${arr[1]} $ARGUMENTS"
-		ARGUMENTS=`echo $ARGUMENTS | sed -e 's|-d|-h|g' -e 's|-g|-G|g'`
-		echo "adduser -S -s /sbin/nologin -g \"${arr[3]}\" $ARGUMENTS"
-		/usr/bin/getent passwd ${arr[1]} >> /dev/null || /bin/busybox adduser -S -s /sbin/nologin -g "${arr[3]}" $ARGUMENTS || exit $?
-	    else
-		echo "ERROR: neither useradd nor busybox found!"
-		exit 1
-	    fi
-	    ;;
-	m*)
-            eval arr=( $LINE )
-	    if [ -x /usr/sbin/usermod ] ; then
-		echo "usermod -a -G ${arr[2]} ${arr[1]}"
-		/usr/sbin/usermod -a -G ${arr[2]} ${arr[1]} || exit $?
-	    elif [ -x /usr/bin/busybox ]; then
-		echo "addgroup ${arr[1]} ${arr[2]}"
-		/usr/bin/busybox addgroup ${arr[1]} ${arr[2]} || exit $?
-	    elif [ -x /bin/busybox ]; then
-		echo "addgroup ${arr[1]} ${arr[2]}"
-		/bin/busybox addgroup ${arr[1]} ${arr[2]} || exit $?
-	    else
-		echo "ERROR: neither usermod nor busybox found!"
-		exit 1
-	    fi
-	    ;;
-	r*)
-	    echo "range option ignored: \"$LINE\""
 	    ;;
+	r)
+		echo "range option ignored: \"$LINE\""
+		;;
 	*)
 	    echo "Syntax Error: \"$LINE\""
 	    exit 1
 	    ;;
-    esac
+	esac
 done