From f9706ed8c29085ca1d1e553e3b4372f245e4ba3c Mon Sep 17 00:00:00 2001 From: Mykyta Dorokhin Date: Tue, 15 Mar 2022 12:51:48 +0200 Subject: Fix incorrect usage of extrausers class instead of useradd class in tpm2-tss_2.3.2.bb recipe. Wrong usage leads to the folowing: bash# cat /etc/group | grep 1000 tss:x:1000: admin:x:1000: bash# cat /etc/passwd | grep 1000 tss:x:999:1000::/var/lib/tpm:/bin/false admin:x:1000:1000:admin:/home/admin:/bin/bash Fixed in mainline yocto (tpm2-tss_3.1.0.bb): https://git.yoctoproject.org/meta-security/commit/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb?id=da23c2a094b2e1a87da2932552ec96c0f842a639 --- recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bbappend | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bbappend diff --git a/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bbappend b/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bbappend new file mode 100644 index 0000000..56c16c2 --- /dev/null +++ b/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bbappend @@ -0,0 +1,24 @@ +inherit useradd + +# +# Incorrect usage of extrausers class instead of useradd class in tpm2-tss_2.3.2.bb recipe leads to the folowing: +# +# bash# cat /etc/group | grep 1000 +# tss:x:1000: +# admin:x:1000: +# +# bash# cat /etc/passwd | grep 1000 +# tss:x:999:1000::/var/lib/tpm:/bin/false +# admin:x:1000:1000:admin:/home/admin:/bin/bash +# +# Fixed in mainline yocto: +# https://git.yoctoproject.org/meta-security/commit/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.1.0.bb?id=da23c2a094b2e1a87da2932552ec96c0f842a639 +# + +# base recipe inherits extrausers. There is nothing we can do to remove this. So use empty values. +EXTRA_USERS_PARAMS = "" + +# These are useradd bbclass values +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "--system tss" +USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" -- cgit v1.2.3