summaryrefslogtreecommitdiff
path: root/meta/classes
diff options
context:
space:
mode:
authorPatrick Ohly <patrick.ohly@intel.com>2017-01-09 11:09:42 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-01-16 18:01:52 +0000
commitba684f436908ac2300a00c174d5aa06b4f824367 (patch)
treec87f06572f96df2c94afd31c66d97ee4185e4ce5 /meta/classes
parent3d0060f9703ba39fbdaafcbdf91e0c319b56f7b3 (diff)
downloadopenembedded-core-ba684f436908ac2300a00c174d5aa06b4f824367.tar.gz
openembedded-core-ba684f436908ac2300a00c174d5aa06b4f824367.tar.bz2
openembedded-core-ba684f436908ac2300a00c174d5aa06b4f824367.zip
rootfs-postcommands.bbclass: sort passwd entries
The /etc passwd files in a rootfs consist of the default entries from base-passwd plus anything that gets added via package installation, EXTRA_USERS_PARAMS and/or system sysusers. The execution order of preinst scripts is not perfectly deterministic, or at least unrelated changes caused it to change in a non-deterministic way, resulting in irrelevant changes in the order of passwd entries. useradd-staticids.bbclass ensures that the numeric IDs don't change, but re-ordering can still occur, which is bad for reproducible builds and file-based update mechanisms like swupd which work best if changes are as minimal as possible. To achieve that, the files get sorted in a post-processing command, enabled by default. Sorting is based primarily on the numeric IDs, so for example, the "root" user continues to be listed first. "nobody" now is at the end, which wasn't the case before. The order of the entries should not matter, but in obscure cases where it does (like having multiple entries for the same numeric ID) this behavior can be disabled by setting SORT_PASSWD_POSTPROCESS_COMMAND to an empty string. Fixes: YOCTO #10520 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/rootfs-postcommands.bbclass22
1 files changed, 22 insertions, 0 deletions
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 8d48a2d1d9..53a4fda4b1 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -30,6 +30,23 @@ ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;'
SSH_DISABLE_DNS_LOOKUP ?= " ssh_disable_dns_lookup ; "
ROOTFS_POSTPROCESS_COMMAND_append_qemuall = "${SSH_DISABLE_DNS_LOOKUP}"
+# Sort the user and group entries in /etc by ID in order to make the content
+# deterministic. Package installs are not deterministic, causing the ordering
+# of entries to change between builds. In case that this isn't desired,
+# the command can be overridden.
+#
+# Note that useradd-staticids.bbclass has to be used to ensure that
+# the numeric IDs of dynamically created entries remain stable.
+#
+# We want this to run as late as possible, in particular after
+# systemd_sysusers_create and set_user_group. Using _append is not
+# enough for that, set_user_group is added that way and would end
+# up running after us.
+SORT_PASSWD_POSTPROCESS_COMMAND ??= " sort_passwd; "
+python () {
+ d.appendVar('ROOTFS_POSTPROCESS_COMMAND', '${SORT_PASSWD_POSTPROCESS_COMMAND}')
+}
+
systemd_create_users () {
for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
[ -e $conffile ] || continue
@@ -146,6 +163,11 @@ ssh_disable_dns_lookup () {
fi
}
+python sort_passwd () {
+ import rootfspostcommands
+ rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}'))
+}
+
#
# Enable postinst logging if debug-tweaks is enabled
#