From patchwork Wed Mar 29 15:06:31 2023
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 6751
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH] setup: Use systemd sysusers mechanism to create users/groups
Date: Wed, 29 Mar 2023 17:06:31 +0200
Message-Id: <20230329150631.2890261-1-stefan.schantl@ipfire.org>

The sysusers files will be generated by the corresponding script file, based on the passwd and group file in the source directory. So we easily can edit the files stored in git and the changes will be taken.
Signed-off-by: Stefan Schantl --- dbus/dbus.sysusers | 7 +++++++ setup/generate-sysusers-fragments.sh | 31 ++++++++++++++++++++++++++++ setup/setup.nm | 7 ++++++- 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 dbus/dbus.sysusers create mode 100755 setup/generate-sysusers-fragments.sh diff --git a/dbus/dbus.sysusers b/dbus/dbus.sysusers new file mode 100644 index 000000000..2ed994442 --- /dev/null +++ b/dbus/dbus.sysusers @@ -0,0 +1,7 @@ +#Type Name ID REMARK Home directory Shell + +# Dbus group +g dbus 61 + +# Dbus user +u dbus 61 "User for dbus service" / /usr/sbin/nologin diff --git a/setup/generate-sysusers-fragments.sh b/setup/generate-sysusers-fragments.sh new file mode 100755 index 000000000..194c7204b --- /dev/null +++ b/setup/generate-sysusers-fragments.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +#SPDX-License-Identifier: 0BSD + +set -euo pipefail + +test -f group +test -f passwd + +mkdir -p sysusers.d + +while read -r line; do + groupname=$(echo "${line}" | cut -d: -f1) + gid=$(echo "${line}" | cut -d: -f3) + echo "g ${groupname} ${gid}" +done sysusers.d/20-setup-groups.conf + +while read -r line; do + username=$(echo "${line}" | cut -d: -f1) + uid=$(echo "${line}" | cut -d: -f3) + gid=$(echo "${line}" | cut -d: -f4) + gecos=$(echo "${line}" | cut -d: -f5) + homedir=$(echo "${line}" | cut -d: -f6) + if [ "${homedir}" == "/" ]; then + homedir="-" + fi + shell=$(echo "${line}" | cut -d: -f7) + if [ "${shell}" == "/usr/sbin/nologin" ]; then + shell="-" + fi + echo "u ${username} ${uid}:${gid} \"${gecos}\" ${homedir} ${shell}" +done sysusers.d/20-setup-users.conf diff --git a/setup/setup.nm b/setup/setup.nm index cee66fab4..d4fd041ec 100644 --- a/setup/setup.nm +++ b/setup/setup.nm @@ -5,7 +5,7 @@ name = setup version = 3.0 -release = 18 +release = 19 arch = noarch groups = Base Build System/Base @@ -29,6 +29,7 @@ build end build + bash ./generate-sysusers-fragments.sh bash ./shadowconvert.sh end 
@@ -69,6 +70,10 @@ build echo "d /run/motd.d 0755 root root -" >> %{BUILDROOT}%{tmpfilesdir}/%{name}.conf chmod 0644 %{BUILDROOT}%{tmpfilesdir}/%{name}.conf + # Install generated sysusers files. + mkdir -pv %{BUILDROOT}%{sysusersdir} + install -v -m 0644 %{DIR_APP}/sysusers.d/*.conf %{BUILDROOT}%{sysusersdir} + mkdir -pv %{BUILDROOT}%{sysconfdir}/sysctl.d install -m 644 %{DIR_APP}/sysctl/printk.conf \ %{BUILDROOT}%{sysconfdir}/sysctl.d/printk.conf
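Review bot: dbus/dbus.sysusers is created by this patch, but the diffstat lists only this file, the generator script and setup/setup.nm, so nothing visible here installs it into the sysusers directory, and the subject line says "setup:" while this hunk touches dbus/. Either add the matching install step to the dbus package in the same change or split this file into its own patch. Separately, the `u dbus 61` line spells out `/` and `/usr/sbin/nologin`, while the generator in this same patch rewrites exactly those two values to `-`; using `-` here as well keeps the hand-written and the generated fragments in one style.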
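Review bot: In setup/generate-sysusers-fragments.sh the user loop emits field 5 as `\"${gecos}\"` with no validation, and neither loop skips blank or comment lines or checks for empty fields, so a passwd entry with a double quote in the GECOS field, or with an empty home directory or shell, produces a malformed or column-shifted `u` line that only fails later when the fragment is parsed on the target system. Since this file decides which accounts exist and with which UID/GID, the build should fail on bad input instead. Suggest splitting each line once with `while IFS=: read -r username _ uid gid gecos homedir shell; do` in place of the repeated `echo | cut` calls, mapping empty homedir and shell to `-`, and exiting non-zero when uid or gid is not numeric or gecos contains a `"`. The two `test -f` lines also abort silently under `set -e`; an explicit error message naming the missing file would help whoever debugs the build.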
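Review bot: In the `@@ -69,6 +70,10 @@` hunk of setup/setup.nm the install line uses the glob `%{DIR_APP}/sysusers.d/*.conf`, so the build still succeeds if only one of the two generated files is present, and it would also ship any other .conf that ends up in that directory. Naming 20-setup-groups.conf and 20-setup-users.conf explicitly makes a missing fragment a build failure. The generator writes to a relative `sysusers.d` and is started as `bash ./generate-sysusers-fragments.sh` in the `@@ -29,6 +29,7 @@` hunk, so this install step relies on the build section running with %{DIR_APP} as its working directory; a short comment stating that, or passing the output directory to the script, would make the dependency explicit.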