diff options
| author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-12 18:29:09 +0100 | 
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-13 23:57:37 +0100 | 
| commit | 1b5afaf437f7a1107d4edca8eeb668b9618a5488 (patch) | |
| tree | 02cb063bb3c443f86ef3bed4f1311c89227bbea3 /meta/classes/cve-check.bbclass | |
| parent | 334020a800434d20e7c3312890a2baca295c41c7 (diff) | |
| download | openembedded-core-1b5afaf437f7a1107d4edca8eeb668b9618a5488.tar.gz openembedded-core-1b5afaf437f7a1107d4edca8eeb668b9618a5488.tar.bz2 openembedded-core-1b5afaf437f7a1107d4edca8eeb668b9618a5488.zip | |
base-passwd/useradd: Various improvements to useradd with RSS
Currently there are multiple issues with useradd:
* If base-passwd rebuilds, it wipes out recipe specific user/group additions
  to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
  users/groups A adds.
This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.
The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.
There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.
We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.
We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.
Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.
[Yocto #11124]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/cve-check.bbclass')
0 files changed, 0 insertions, 0 deletions
