[meta-mentor] [PATCH] useradd.bbclass: Add members to a group

mikhail_durnev at mentor.com mikhail_durnev at mentor.com
Sun Jun 23 23:29:37 PDT 2013 

From: Mikhail Durnev <mikhail_durnev at mentor.com>

useradd.bbclass supports adding new users and new groups. But it does not
support adding existing users to existing groups.

There is a need of adding users to some groups (e.g. audio). The class was
extended to call groupmems utility with arguments passed via GROUPMEMS_PARAM.
Utility groupmems was patched to support sysroot settings.

Signed-off-by: Mikhail Durnev <mikhail_durnev at mentor.com>
---
 classes/useradd.bbclass                           |  272 +++++++++++++++++++++
 recipes/shadow/files/add_root_cmd_groupmems.patch |   75 ++++++
 recipes/shadow/shadow-native_4.1.4.3.bbappend     |    5 +
 3 files changed, 352 insertions(+)
 create mode 100644 classes/useradd.bbclass
 create mode 100644 recipes/shadow/files/add_root_cmd_groupmems.patch
 create mode 100644 recipes/shadow/shadow-native_4.1.4.3.bbappend

diff --git a/classes/useradd.bbclass b/classes/useradd.bbclass
new file mode 100644
index 0000000..7fd545a
--- /dev/null
+++ b/classes/useradd.bbclass
@@ -0,0 +1,272 @@
+# base-passwd-cross provides the default passwd and group files in the
+# target sysroot, and shadow -native and -sysroot provide the utilities
+# and support files needed to add and modify user and group accounts
+DEPENDS_append = "${USERADDDEPENDS}"
+USERADDDEPENDS = " base-passwd shadow-native shadow-sysroot shadow"
+USERADDDEPENDS_virtclass-cross = ""
+USERADDDEPENDS_class-native = ""
+USERADDDEPENDS_class-nativesdk = ""
+
+# This preinstall function can be run in four different contexts:
+#
+# a) Before do_install
+# b) At do_populate_sysroot_setscene when installing from sstate packages
+# c) As the preinst script in the target package at do_rootfs time
+# d) As the preinst script in the target package on device as a package upgrade
+#
+useradd_preinst () {
+OPT=""
+SYSROOT=""
+
+if test "x$D" != "x"; then
+	# Installing into a sysroot
+	SYSROOT="$D"
+	OPT="--root $D"
+
+	# Add groups and users defined for all recipe packages
+	GROUPADD_PARAM="${@get_all_cmd_params(d, 'groupadd')}"
+	USERADD_PARAM="${@get_all_cmd_params(d, 'useradd')}"
+	GROUPMEMS_PARAM="${@get_all_cmd_params(d, 'groupmems')}"
+else
+	# Installing onto a target
+	# Add groups and users defined only for this package
+	GROUPADD_PARAM="${GROUPADD_PARAM}"
+	USERADD_PARAM="${USERADD_PARAM}"
+	GROUPMEMS_PARAM="${GROUPMEMS_PARAM}"
+fi
+
+# Perform group additions first, since user additions may depend
+# on these groups existing
+if test "x$GROUPADD_PARAM" != "x"; then
+	echo "Running groupadd commands..."
+	# Invoke multiple instances of groupadd for parameter lists
+	# separated by ';'
+	opts=`echo "$GROUPADD_PARAM" | cut -d ';' -f 1`
+	remaining=`echo "$GROUPADD_PARAM" | cut -d ';' -f 2-`
+	while test "x$opts" != "x"; do
+		groupname=`echo "$opts" | awk '{ print $NF }'`
+		group_exists=`grep "^$groupname:" $SYSROOT/etc/group || true`
+		if test "x$group_exists" = "x"; then
+			count=1
+			while true; do
+				eval $PSEUDO groupadd $OPT $opts || true
+				group_exists=`grep "^$groupname:" $SYSROOT/etc/group || true`
+				if test "x$group_exists" = "x"; then
+					# File locking issues can require us to retry the command
+					echo "WARNING: groupadd command did not succeed. Retrying..."
+					sleep 1
+				else
+					break
+				fi
+				count=`expr $count + 1`
+				if test $count = 11; then
+					echo "ERROR: tried running groupadd command 10 times without success, giving up"
+					exit 1
+				fi
+			done		
+		else
+			echo "Note: group $groupname already exists, not re-creating it"
+		fi
+
+		if test "x$opts" = "x$remaining"; then
+			break
+		fi
+		opts=`echo "$remaining" | cut -d ';' -f 1`
+		remaining=`echo "$remaining" | cut -d ';' -f 2-`
+	done
+fi 
+
+if test "x$USERADD_PARAM" != "x"; then
+	echo "Running useradd commands..."
+	# Invoke multiple instances of useradd for parameter lists
+	# separated by ';'
+	opts=`echo "$USERADD_PARAM" | cut -d ';' -f 1`
+	remaining=`echo "$USERADD_PARAM" | cut -d ';' -f 2-`
+	while test "x$opts" != "x"; do
+		# useradd does not have a -f option, so we have to check if the
+		# username already exists manually
+		username=`echo "$opts" | awk '{ print $NF }'`
+		user_exists=`grep "^$username:" $SYSROOT/etc/passwd || true`
+		if test "x$user_exists" = "x"; then
+			count=1
+			while true; do
+				eval $PSEUDO useradd $OPT $opts || true
+				user_exists=`grep "^$username:" $SYSROOT/etc/passwd || true`
+				if test "x$user_exists" = "x"; then
+					# File locking issues can require us to retry the command
+					echo "WARNING: useradd command did not succeed. Retrying..."
+					sleep 1
+				else
+					break
+				fi
+				count=`expr $count + 1`
+				if test $count = 11; then
+					echo "ERROR: tried running useradd command 10 times without success, giving up"
+					exit 1
+				fi
+			done
+		else
+			echo "Note: username $username already exists, not re-creating it"
+		fi
+
+		if test "x$opts" = "x$remaining"; then
+			break
+		fi
+		opts=`echo "$remaining" | cut -d ';' -f 1`
+		remaining=`echo "$remaining" | cut -d ';' -f 2-`
+	done
+fi
+
+if test "x$GROUPMEMS_PARAM" != "x"; then
+	echo "Running groupmems commands..."
+	# groupmems fails if /etc/gshadow does not exist
+	if [ -f $SYSROOT${sysconfdir}/gshadow ]; then
+		gshadow="yes"
+	else
+		gshadow="no"
+		touch $SYSROOT${sysconfdir}/gshadow
+	fi
+	# Invoke multiple instances of groupmems for parameter lists
+	# separated by ';'
+	opts=`echo "$GROUPMEMS_PARAM" | cut -d ';' -f 1`
+	remaining=`echo "$GROUPMEMS_PARAM" | cut -d ';' -f 2-`
+	while test "x$opts" != "x"; do
+		groupname=`echo "$opts" | awk '{ for (i = 1; i < NF; i++) if ($i == "-g" || $i == "--group") print $(i+1) }'`
+		username=`echo "$opts" | awk '{ for (i = 1; i < NF; i++) if ($i == "-a" || $i == "--add") print $(i+1) }'`
+		echo "$groupname $username"
+		mem_exists=`grep "^$groupname:[^:]*:[^:]*:\([^,]*,\)*$username\(,[^,]*\)*" $SYSROOT/etc/group || true`
+		if test "x$mem_exists" = "x"; then
+			count=1
+			while true; do
+				eval $PSEUDO groupmems $OPT $opts || true
+				mem_exists=`grep "^$groupname:[^:]*:[^:]*:\([^,]*,\)*$username\(,[^,]*\)*" $SYSROOT/etc/group || true`
+				if test "x$mem_exists" = "x"; then
+					# File locking issues can require us to retry the command
+					echo "WARNING: groupmems command did not succeed. Retrying..."
+					sleep 1
+				else
+					break
+				fi
+				count=`expr $count + 1`
+				if test $count = 11; then
+					echo "ERROR: tried running groupmems command 10 times without success, giving up"
+					if test "x$gshadow" = "xno"; then
+						rm -f $SYSROOT${sysconfdir}/gshadow
+						rm -f $SYSROOT${sysconfdir}/gshadow-
+					fi
+					exit 1
+				fi
+			done		
+		else
+			echo "Note: group $groupname already contains $username, not re-adding it"
+		fi
+
+		if test "x$opts" = "x$remaining"; then
+			break
+		fi
+		opts=`echo "$remaining" | cut -d ';' -f 1`
+		remaining=`echo "$remaining" | cut -d ';' -f 2-`
+	done
+	if test "x$gshadow" = "xno"; then
+		rm -f $SYSROOT${sysconfdir}/gshadow
+		rm -f $SYSROOT${sysconfdir}/gshadow-
+	fi
+fi 
+}
+
+useradd_sysroot () {
+	# Pseudo may (do_install) or may not (do_populate_sysroot_setscene) be running 
+	# at this point so we're explicit about the environment so pseudo can load if 
+	# not already present.
+	export PSEUDO="${FAKEROOTENV} PSEUDO_LOCALSTATEDIR=${STAGING_DIR_TARGET}${localstatedir}/pseudo ${STAGING_DIR_NATIVE}${bindir}/pseudo"
+
+	# Explicitly set $D since it isn't set to anything
+	# before do_install
+	D=${STAGING_DIR_TARGET}
+	useradd_preinst
+}
+
+useradd_sysroot_sstate () {
+	if [ "${BB_CURRENTTASK}" = "package_setscene" ]
+	then
+		useradd_sysroot
+	fi
+}
+
+do_install[prefuncs] += "${SYSROOTFUNC}"
+SYSROOTFUNC = "useradd_sysroot"
+SYSROOTFUNC_virtclass-cross = ""
+SYSROOTFUNC_class-native = ""
+SYSROOTFUNC_class-nativesdk = ""
+SSTATEPREINSTFUNCS += "${SYSROOTPOSTFUNC}"
+SYSROOTPOSTFUNC = "useradd_sysroot_sstate"
+SYSROOTPOSTFUNC_virtclass-cross = ""
+SYSROOTPOSTFUNC_class-native = ""
+SYSROOTPOSTFUNC_class-nativesdk = ""
+
+USERADDSETSCENEDEPS = "${MLPREFIX}base-passwd:do_populate_sysroot_setscene shadow-native:do_populate_sysroot_setscene ${MLPREFIX}shadow-sysroot:do_populate_sysroot_setscene"
+USERADDSETSCENEDEPS_virtclass-cross = ""
+USERADDSETSCENEDEPS_class-native = ""
+USERADDSETSCENEDEPS_class-nativesdk = ""
+do_package_setscene[depends] = "${USERADDSETSCENEDEPS}"
+
+# Recipe parse-time sanity checks
+def update_useradd_after_parse(d):
+    useradd_packages = d.getVar('USERADD_PACKAGES', True)
+
+    if not useradd_packages:
+        raise bb.build.FuncFailed, "%s inherits useradd but doesn't set USERADD_PACKAGES" % d.getVar('FILE')
+
+    for pkg in useradd_packages.split():
+        if not d.getVar('USERADD_PARAM_%s' % pkg, True) and not d.getVar('GROUPADD_PARAM_%s' % pkg, True) and not d.getVar('GROUPMEMS_PARAM_%s' % pkg, True):
+            raise bb.build.FuncFailed, "%s inherits useradd but doesn't set USERADD_PARAM, GROUPADD_PARAM or GROUPMEMS_PARAM for package %s" % (d.getVar('FILE'), pkg)
+
+python __anonymous() {
+    update_useradd_after_parse(d)
+}
+
+# Return a single [GROUP|USER]ADD_PARAM formatted string which includes the
+# [group|user]add parameters for all USERADD_PACKAGES in this recipe
+def get_all_cmd_params(d, cmd_type):
+    import string
+    
+    param_type = cmd_type.upper() + "_PARAM_%s"
+    params = []
+
+    useradd_packages = d.getVar('USERADD_PACKAGES', True) or ""
+    for pkg in useradd_packages.split():
+        param = d.getVar(param_type % pkg, True)
+        if param:
+            params.append(param)
+
+    return string.join(params, "; ")
+
+# Adds the preinst script into generated packages
+fakeroot python populate_packages_prepend () {
+    def update_useradd_package(pkg):
+        bb.debug(1, 'adding user/group calls to preinst for %s' % pkg)
+
+        """
+        useradd preinst is appended here because pkg_preinst may be
+        required to execute on the target. Not doing so may cause
+        useradd preinst to be invoked twice, causing unwanted warnings.
+        """
+        preinst = d.getVar('pkg_preinst_%s' % pkg, True) or d.getVar('pkg_preinst', True)
+        if not preinst:
+            preinst = '#!/bin/sh\n'
+        preinst += d.getVar('useradd_preinst', True)
+        d.setVar('pkg_preinst_%s' % pkg, preinst)
+
+        # RDEPENDS setup
+        rdepends = d.getVar("RDEPENDS_%s" % pkg, True) or ""
+        rdepends += ' ' + d.getVar('MLPREFIX') + 'base-passwd'
+        rdepends += ' ' + d.getVar('MLPREFIX') + 'shadow'
+        d.setVar("RDEPENDS_%s" % pkg, rdepends)
+
+    # Add the user/group preinstall scripts and RDEPENDS requirements
+    # to packages specified by USERADD_PACKAGES
+    if not bb.data.inherits_class('nativesdk', d):
+        useradd_packages = d.getVar('USERADD_PACKAGES', True) or ""
+        for pkg in useradd_packages.split():
+            update_useradd_package(pkg)
+}
diff --git a/recipes/shadow/files/add_root_cmd_groupmems.patch b/recipes/shadow/files/add_root_cmd_groupmems.patch
new file mode 100644
index 0000000..a59d89e
--- /dev/null
+++ b/recipes/shadow/files/add_root_cmd_groupmems.patch
@@ -0,0 +1,75 @@
+Add a --root command option to groupmems utility.
+
+This option allows the utility to be chrooted when run under pseudo.
+
+Signed-off-by: Mikhail Durnev <mikhail_durnev at mentor.com>
+
+diff -Naur old/src/groupmems.c new/src/groupmems.c
+--- old/src/groupmems.c	2011-02-13 11:58:16.000000000 -0600
++++ new/src/groupmems.c	2013-05-30 04:45:38.000000000 -0500
+@@ -60,6 +60,7 @@
+ #define EXIT_MEMBER_EXISTS	7	/* member of group already exists */
+ #define EXIT_INVALID_USER	8	/* specified user does not exist */
+ #define EXIT_INVALID_GROUP	9	/* specified group does not exist */
++#define EXIT_BAD_ARG		10	/* invalid argument to option */
+ 
+ /*
+  * Global variables
+@@ -79,6 +80,7 @@
+ static bool is_shadowgrp;
+ static bool sgr_locked = false;
+ #endif
++static const char *newroot = "";
+ 
+ /* local function prototypes */
+ static char *whoami (void);
+@@ -368,6 +370,7 @@
+ 	                "Options:\n"
+ 	                "  -g, --group groupname         change groupname instead of the user's group\n"
+ 	                "                                (root only)\n"
++	                "  -R, --root CHROOT_DIR         directory to chroot into\n"
+ 	                "\n"
+ 	                "Actions:\n"
+ 	                "  -a, --add username            add username to the members of the group\n"
+@@ -391,10 +394,11 @@
+ 		{"group", required_argument, NULL, 'g'},
+ 		{"list", no_argument, NULL, 'l'},
+ 		{"purge", no_argument, NULL, 'p'},
++		{"root", required_argument, NULL, 'R'},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+ 
+-	while ((arg = getopt_long (argc, argv, "a:d:g:lp", long_options,
++	while ((arg = getopt_long (argc, argv, "a:d:g:lpR:", long_options,
+ 	                           &option_index)) != EOF) {
+ 		switch (arg) {
+ 		case 'a':
+@@ -416,6 +420,28 @@
+ 			purge = true;
+ 			++exclusive;
+ 			break;
++		case 'R':
++			if ('/' != optarg[0]) {
++				fprintf (stderr,
++					 _("%s: invalid chroot path '%s'\n"),
++					Prog, optarg);
++				exit (EXIT_BAD_ARG);
++			}
++			newroot = optarg;
++
++			if (access (newroot, F_OK) != 0) {
++				fprintf(stderr,
++					_("%s: chroot directory %s does not exist\n"),
++					Prog, newroot);
++				exit (EXIT_BAD_ARG);
++			}
++			if ( chroot(newroot) != 0 ) {
++				fprintf(stderr,
++					_("%s: unable to chroot to directory %s\n"),
++					Prog, newroot);
++				exit (EXIT_BAD_ARG);
++			}
++			break;
+ 		default:
+ 			usage ();
+ 		}
diff --git a/recipes/shadow/shadow-native_4.1.4.3.bbappend b/recipes/shadow/shadow-native_4.1.4.3.bbappend
new file mode 100644
index 0000000..de6e40f
--- /dev/null
+++ b/recipes/shadow/shadow-native_4.1.4.3.bbappend
@@ -0,0 +1,5 @@
+PRINC := "${@int(PRINC) + 1}"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://add_root_cmd_groupmems.patch"
-- 
1.7.9.5

More information about the meta-mentor mailing list