rpm/sysuser-tools
SHA256
1
0
Fork 0
forked from pool/sysuser-tools
Code Pull Requests Activity

Accepting request 1191152 from home:kukuk:cleanup

Browse Source 
- Rewrite UID:GID support to work with busybox and fix it for useradd

OBS-URL: https://build.opensuse.org/request/show/1191152
OBS-URL: https://build.opensuse.org/package/show/Base:System/sysuser-tools?expand=0&rev=57
This commit is contained in:
Thorsten Kukuk 2024-08-02 10:05:05 +00:00 committed by Git OBS Bridge
commit 6b5a150fa9
10 changed files with 602 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

22
disable-systemd-sysusers.patch Normal file
View File

@ -0,0 +1,22 @@
--- sysusers2shadow.sh.old 2024-07-04 14:24:01.013092683 +0200
+++ sysusers2shadow.sh 2024-07-04 14:28:06.701540250 +0200
@@ -7,14 +7,6 @@
"$@"
}
-if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then
-
- if [ -n "$1" ] && [ "$1" != "%3" ]; then
- REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||:
- fi
- # Use systemd-sysusers and let it read the input directly from stdin
- run /usr/bin/systemd-sysusers $REPLACE_ARG -
-else
# Absolute path to busybox, if found
busybox=
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
@@ -126,4 +118,3 @@
;;
esac
done
-fi

24
macros.sysusers Normal file
View File

@ -0,0 +1,24 @@
# -*- Mode: makefile; indent-tabs-mode: t -*- */
# RPM macros for packages creating system accounts
#
###
#
# When a package creates a system account, it should use the following macros:
#
# add %?sysusers_requires in the package section
#
# add "%sysusers_generate_pre <source file> <account> [<config>]" to build section
#
## <source file> is the source file as defined in the spec file header
## <account> is just a random name, the output file will be "<account>.pre"
## <config> is the name of the configuration file as stored in
## /usr/lib/sysusers.d/<config>
#
# add "%pre -f <account>.pre" to spec file
#
###
%sysusers_requires Requires(pre): sysuser-shadow >= 3.2
%sysusers_generate_pre() \
%{_prefix}/lib/rpm/sysusers-generate-pre "%1" "%3" >> "%2".pre

268
sysuser-tools.changes Normal file
View File

@ -0,0 +1,268 @@
-------------------------------------------------------------------
Fri Aug 2 08:24:06 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Rewrite UID:GID support to work with busybox and fix it for useradd
-------------------------------------------------------------------
Mon Jul 1 15:01:19 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Allow setting of UID:GID for as defined in sysusers.d
-------------------------------------------------------------------
Tue Nov 7 10:07:20 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix build with RPM 4.19: unnumbered patches are no longer
supported.
-------------------------------------------------------------------
Tue Jul 18 18:18:18 UTC 2023 - olaf@aepfle.de
- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
Always create a system group of the same name as the system user,
even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)
-------------------------------------------------------------------
Mon Jul 17 17:17:17 UTC 2023 - olaf@aepfle.de
- Add "quilt setup" friendly hint to %sysusers_requires usage
It is not required to have sysuser-tools installed when working
with a pkg source which uses sysuser-tools at build time.
-------------------------------------------------------------------
Tue Sep 6 15:49:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
- Use append so if a pre file already exists it isn't overridden
-------------------------------------------------------------------
Tue Feb 1 12:58:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
- invoke bash for bash scripts (bsc#1195391)
-------------------------------------------------------------------
Fri Nov 26 09:43:02 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Disable systemd-sysuser on SLE15 to stay compatible
(disable-systemd-sysusers.patch)
-------------------------------------------------------------------
Wed Sep 8 09:12:05 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Add support for new shell field [bsc#1189518]
-------------------------------------------------------------------
Thu Jul 15 06:45:15 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Use /bin/bash for sysusers-generate-pre
-------------------------------------------------------------------
Tue Jun 29 13:08:44 UTC 2021 - Dan Čermák <dcermak@suse.com>
- Remove usage of grep from sysusers-generate-pre
- Add a simple test of sysusers-generate-pre to %check
-------------------------------------------------------------------
Mon Jun 21 09:56:17 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Bump version up to 3.1. The --replace parameter only appeared in
systemd 238, so we need to ensure to get the update order correct
for sysuser-generate when using the 3rd command line parameters:
* systemd -> sysuser-tools -> system-{user|group}-FOO.
- Add dependency on systemd >=238 if systemd is installed to
sysuser-shadow
- update sysuser_requires to request sysuser-shadow 3.1
-------------------------------------------------------------------
Mon Jun 7 11:11:27 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option
- sysusers-generate-pre: only use first argument for grep
- sysusers2shadow.sh: use "run" prefix for systemd-sysusers call
- macros.sysusers: fix typo
-------------------------------------------------------------------
Sat May 8 13:19:03 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Use /usr/sbin/nologin instead of /sbin/nologin
-------------------------------------------------------------------
Mon Feb 15 07:30:25 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Don't abort on unbound first argument
-------------------------------------------------------------------
Thu Feb 11 13:54:01 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Remove sysusers/nscd workaround
-------------------------------------------------------------------
Fri Jan 29 13:36:08 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Use systemd-sysusers only if /proc is mounted, don't require it
-------------------------------------------------------------------
Wed Jan 27 13:02:13 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Set --replace option for systemd-sysusers
-------------------------------------------------------------------
Wed Jan 20 15:06:51 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Ignore nscd return code
-------------------------------------------------------------------
Tue Jan 19 15:15:41 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- If systemd-sysusers is used to create a new user/group, invalidate
the nscd passwd and group cache to make the new user/group
visible immediately as workaround [bsc#1181121].
Needs to be removed after sytemd-sysusers get's fixed, since we
invalidate the cache even if the user/group file wasn't changed.
-------------------------------------------------------------------
Sun Jan 17 21:16:25 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- An "u" in a sysusers.d file will create an user and a group.
Create provides for both, user and group.
-------------------------------------------------------------------
Thu Jan 14 14:30:20 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Use systemd-sysusers as default to create and update the user
account. Fixes the problem that a modified sysusers config file
get's ignored by useradd and adduser [bsc#1180549].
-------------------------------------------------------------------
Fri Dec 4 10:54:00 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets
installed before.
- suggest shadow where useradd_or_adduser_dep is actually required
-------------------------------------------------------------------
Fri Sep 18 10:32:53 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Avoid useless use of cat
- Simplify %sysusers_requires
- Drop shebang, rpm passes it to /bin/sh itself
-------------------------------------------------------------------
Fri Aug 21 15:09:13 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Packages providing users need /usr/bin/cat installed to create
them. Add that to the PreRequires.
-------------------------------------------------------------------
Fri Aug 21 12:43:43 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Create system groups for system users
-------------------------------------------------------------------
Wed Mar 25 07:53:55 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Fix bug introduced by simplification of check for useradd -g
- Refactor use of sed away
-------------------------------------------------------------------
Tue Mar 24 10:01:39 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Use eval set -- $LINE instead of read for parsing
-------------------------------------------------------------------
Fri Mar 20 10:08:43 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Clean up sysusers2shadow and make it use only /bin/sh
- Don't let busybox adduser create the home directory, it breaks
permissions of e.g. /sbin (home of daemon)
- Use only /bin/sh in sysusers-generate-pre and the generated code
-------------------------------------------------------------------
Tue Mar 17 10:12:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Drop use of tail from the generated %pre scriptlets
-------------------------------------------------------------------
Sun Dec 29 19:16:13 UTC 2019 - kukuk@suse.de
- Look for /bin/busybox, too
- Add special handling for busybox and groups
-------------------------------------------------------------------
Fri Jul 26 13:28:27 CEST 2019 - kukuk@suse.de
- Use suggests shadow to prefer that over busybox in normal systems
-------------------------------------------------------------------
Thu Jul 25 16:00:35 CEST 2019 - kukuk@suse.de
- Add support for busybox adduser/addgroup
- Change requirements from shadow to useradd_or_adduser_dep
-------------------------------------------------------------------
Thu May 9 13:23:56 CEST 2019 - kukuk@suse.de
- Fix default home directory [bsc#1105934]
- Use _rpmmacrodir for macro file
-------------------------------------------------------------------
Mon Oct 9 13:51:42 UTC 2017 - dimstar@opensuse.org
- Further enhance sysusers-generate-pre: inside the build
environment, it can be acceptable to be failing to create the
users (e.g when building sysuser-tools or system-user-root, since
those two packages have to be speificallty excluded). Always
return with error code 0 if /.buildenv exists.
-------------------------------------------------------------------
Wed Sep 27 11:06:52 UTC 2017 - dimstar@opensuse.org
- sysusers2shadow.sh: Exit if one of the useradd/groupadd/usermod
call fails: the resulting system is quite undefined if this
should happen.
- sysusers-generate-pre: exit the pre script with the exit code
of sysusers2shadow.sh.
-------------------------------------------------------------------
Mon Jun 19 14:07:51 CEST 2017 - kukuk@suse.de
- sysuser-tools needs to require sysuser-shadow
-------------------------------------------------------------------
Mon Jun 19 13:48:34 CEST 2017 - kukuk@suse.de
- Add requires for shadow to sysuser-shadow
-------------------------------------------------------------------
Sun Jun 18 18:07:24 CEST 2017 - kukuk@suse.de
- Put helper script into own subpackage
-------------------------------------------------------------------
Sat Jun 17 09:20:09 CEST 2017 - kukuk@suse.de
- Convert sysusers config file to shadow arguments and use
shadow suite to create user and groups. Fixes [bsc#1041497] and
serveral dependency loops.
-------------------------------------------------------------------
Tue May 30 10:07:45 CEST 2017 - kukuk@suse.de
- Don't ignore errors of systemd-sysusers [bsc#1039708]
-------------------------------------------------------------------
Wed Mar 15 14:46:43 CET 2017 - kukuk@suse.de
- Don't remove 'm' and 'r' entries from sysusers configuration
-------------------------------------------------------------------
Fri Jan 20 13:04:51 CET 2017 - kukuk@suse.de
- Add macros.sysusers
-------------------------------------------------------------------
Wed Dec 21 16:09:05 UTC 2016 - lnussel@suse.de
- initial package

108
sysuser-tools.spec Normal file
View File

@ -0,0 +1,108 @@
#
# spec file for package sysuser-tools
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sysuser-tools
Version: 3.3
Release: 0
Summary: Auto provides for system users
License: MIT
Group: System/Packages
Source: sysusers.prov
Source1: sysusers.attr
Source2: sysusers-generate-pre
Source3: macros.sysusers
Source4: sysusers2shadow.sh
Patch0: disable-systemd-sysusers.patch
BuildArch: noarch
Requires: sysuser-shadow
#!BuildIgnore: sysuser-shadow
#!BuildIgnore: sysuser-tools
BuildRequires: diffutils
%description
Generate auto provides for system users.
%package -n sysuser-shadow
Summary: Tool to execute sysusers.d with shadow utilities
Group: System/Packages
Requires(pre): (/usr/sbin/useradd or busybox)
# prefer original shadow over busybox by default
Suggests: shadow
# sysusers2shdow uses sysusers2shadow uses systemd-sysusers if available. And we might pass --replace to it
# --replace only appeared in systemd 238,so we want to ensure: if we have systemd, it must be recent enough
# the Requires(pre) statement is to ensure we get it at any moment recent enough, not only at the end of
# transactions, otherwise upgrades might randomly fail
Requires(pre): (systemd >= 238 if systemd)
Requires: (systemd >= 238 if systemd)
%description -n sysuser-shadow
This package contians a tool, which expects as input a sysusers.d
configuration file and uses the shadow suite to create the users
and groups from it like systemd-sysusers would do.
%prep
%setup -qcT
%if 0%{?suse_version} <= 1500
patch < %_sourcedir/disable-systemd-sysusers.patch %_sourcedir/sysusers2shadow.sh
%endif
%build
%install
install -D -m 755 %{SOURCE0} %{buildroot}%{_prefix}/lib/rpm/sysusers.prov
install -D -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/rpm/fileattrs/sysusers.attr
install -D -m 755 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/sysusers-generate-pre
install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmmacrodir}/macros.sysusers
install -D -m 755 %{SOURCE4} %{buildroot}%{_sbindir}/sysusers2shadow
%check
mkdir -p subdir
cat <<EOF > subdir/me.conf
# Type Name ID GECOS [HOME] Shell
u me - "myself" /dev/null
m me nogroup
# foobar
g asdf
z welp invalid
EOF
cat <<EOFF > expected-account-pre
/usr/sbin/sysusers2shadow me.conf <<"EOF" || [ -f /.buildenv ]
u me - "myself" /dev/null
m me nogroup
g asdf
EOF
EOFF
# copy pasta from macros.sysusers because the script sysusers-generate-pre is not in /usr/lib/rpm yet
bash %{SOURCE2} $(pwd)/subdir/me.conf me.conf > account.pre
diff account.pre expected-account-pre
%files
%defattr(-,root,root)
%{_rpmmacrodir}/macros.sysusers
%{_prefix}/lib/rpm/sysusers.prov
%{_prefix}/lib/rpm/fileattrs/sysusers.attr
%{_prefix}/lib/rpm/sysusers-generate-pre
%files -n sysuser-shadow
%defattr(-,root,root)
%{_sbindir}/sysusers2shadow
%changelog

6
sysusers-generate-pre Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# pass systemd sysusers config paths as argument to this script.
echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\" || [ -f /.buildenv ]"
(while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1"
echo 'EOF'

2
sysusers.attr Normal file
View File

@ -0,0 +1,2 @@
%__sysusers_provides %{_rpmconfigdir}/sysusers.prov
%__sysusers_path ^%{_prefix}/lib/sysusers.d/.*\\.conf$

21
sysusers.prov Normal file
View File

@ -0,0 +1,21 @@
#!/bin/bash
parse()
{
while read line; do
[ "${line:0:1}" != '#' ] || continue
line="${line## *}"
[ -n "$line" ] || continue
set -- $line
if [ "$1" = 'g' ]; then
echo "group($2)"
elif [ "$1" = 'u' ]; then
echo "user($2)"
echo "group($2)"
fi
done
}
while read fn; do
parse < "$fn"
done

127
sysusers2shadow.sh Normal file
View File

@ -0,0 +1,127 @@
#!/bin/sh
set -e
# Print the command and run it
run() {
echo "$@"
"$@"
}
if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then
if [ -n "$1" ] && [ "$1" != "%3" ]; then
REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||:
fi
# Use systemd-sysusers and let it read the input directly from stdin
run /usr/bin/systemd-sysusers $REPLACE_ARG -
else
# Absolute path to busybox, if found
busybox=
for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
while read LINE
do
# "eval set" to do proper splitting while respecting quotes
eval set -- $LINE
case "${1-}" in
\#*|"")
;;
g)
shift
ARGUMENTS="$1"
if [ -n "${2-}" ] && [ "$2" != "-" ]; then
ARGUMENTS="-g $2 $ARGUMENTS"
fi
if ! /usr/bin/getent group "$1" >> /dev/null; then
if [ -x "/usr/sbin/groupadd" ]; then
run /usr/sbin/groupadd -r $ARGUMENTS
elif [ -x "$busybox" ]; then
run $busybox addgroup -S $ARGUMENTS
else
echo "ERROR: neither groupadd nor busybox found!"
exit 1
fi
fi
;;
u)
shift
ARGUMENTS="$1"
if /usr/bin/getent passwd "$1" >> /dev/null; then
continue
fi
# Split user and Group id
userGrouArr=(${2//:/ })
USER_ID=${userGrouArr[0]}
GROUP_ID=${userGrouArr[1]}
if [ -n "$USER_ID" ] && [ "$USER_ID" != "-" ]; then
ARGUMENTS="-u $USER_ID $ARGUMENTS"
fi
homedir="/" # If null, empty or '-'
if [ "${4:--}" != "-" ]; then
homedir="$4"
fi
# Set shell only if not null, empty nor '-'
if [ "${5:--}" != "-" ]; then
ARGUMENTS="$ARGUMENTS -s $5"
else
ARGUMENTS="$ARGUMENTS -s /usr/sbin/nologin"
fi
if [ -x /usr/sbin/useradd ]; then
if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then
# the group needs to exist if we want to use it for useradd
if ! /usr/bin/getent group "$GROUP_ID" >> /dev/null; then
if [ -x /usr/sbin/groupadd ]; then
run /usr/sbin/groupadd -g "$GROUP_ID" "$1"
else
echo "ERROR: groupadd not found!"
exit 1
fi
fi
ARGUMENTS="-g $GROUP_ID $ARGUMENTS"
else
# this is useradd/shadow specific
if /usr/bin/getent group "$1" >> /dev/null; then
ARGUMENTS="-g $1 $ARGUMENTS"
else
ARGUMENTS="-U $ARGUMENTS"
fi
fi
run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS
elif [ -x "$busybox" ]; then
/usr/bin/getent group "$1" >> /dev/null || $busybox addgroup -S "$1"
run $busybox adduser -S -H -g "$3" -G "$1" -h "${homedir}" $ARGUMENTS
else
echo "ERROR: neither useradd nor busybox found!"
exit 1
fi
;;
m)
shift
if [ -x /usr/sbin/usermod ] ; then
run /usr/sbin/usermod -a -G "$2" "$1"
elif [ -x "$busybox" ]; then
run $busybox addgroup "$1" "$2"
else
echo "ERROR: neither usermod nor busybox found!"
exit 1
fi
;;
r)
echo "range option ignored: \"$LINE\""
;;
*)
echo "Syntax Error: \"$LINE\""
exit 1
;;
esac
done
fi