From patchwork Wed Mar 29 14:13:37 2023 X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 6746
From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH 1/2] systemd: Build manpages again Date: Wed, 29 Mar 2023 16:13:37 +0200 Message-Id: <20230329141338.2112407-1-stefan.schantl@ipfire.org>
This "optional" feature now has to be enabled. Signed-off-by: Stefan Schantl --- systemd/systemd.nm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd/systemd.nm b/systemd/systemd.nm index a898c6826..2c409694c 100644 --- a/systemd/systemd.nm +++ b/systemd/systemd.nm @@ -5,7 +5,7 @@ name = systemd version = 253 -release = 3 +release = 4 maintainer = Stefan Schantl groups = System/Base 
@@ -78,6 +78,7 @@ build -Dsysvinit-path= \ -Dsysvrcnd-path= \ -Dzlib=true \ + -Dman=true \ -Dsmack=false \ -Dbacklight=false \ -Dfirstboot=false \
From patchwork Wed Mar 29 14:13:38 2023 X-Patchwork-Submitter: Stefan Schantl X-Patchwork-Id: 6747
From: Stefan Schantl To: development@lists.ipfire.org Subject: [PATCH 2/2] systemd: Use sysusers mechanism inside the jail Date: Wed, 29 Mar 2023 16:13:38 +0200 Message-Id: <20230329141338.2112407-2-stefan.schantl@ipfire.org> In-Reply-To: <20230329141338.2112407-1-stefan.schantl@ipfire.org> References: <20230329141338.2112407-1-stefan.schantl@ipfire.org>
Change the old user/group creation mechanism to use systemd's sysusers mechanism instead. This is a bit of a tricky part, because before systemd we do not have this binary. So at first we have to push the sysusers files to the jail's sysusers directory and use the previously compiled and installed systemd-sysusers binary in order to create the groups/users which are part of systemd inside the jail. After that, everything works quite normally when modifying the files or directory owners. Signed-off-by: Stefan Schantl --- systemd/systemd.nm | 65 ++++++++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/systemd/systemd.nm b/systemd/systemd.nm index 2c409694c..db57e4142 100644 --- a/systemd/systemd.nm +++ b/systemd/systemd.nm @@ -5,7 +5,7 @@ name = systemd version = 253 -release = 4 +release = 5 maintainer = Stefan Schantl groups = System/Base @@ -77,6 +77,9 @@ build configure_options = \ -Dsysvinit-path= \ -Dsysvrcnd-path= \ + -Dnobody-user=nobody \ + -Dnobody-group=nobody \ + -Dfallback-hostname="localhost" \ -Dzlib=true \ -Dman=true \ -Dsmack=false \ 
@@ -93,9 +96,26 @@ build -Dtimedated=false \ -Dpolkit=false - prepare_cmds - %{create_groups} - end + # Assign group ids + configure_options += \ + -Dadm-gid=4 \ + -Dtty-gid=5 \ + -Ddisk-gid=6 \ + -Dlp-gid=7 \ + -Dkmem-gid=9 \ + -Dwheel-gid=10 \ + -Dcdrom-gid=11 \ + -Ddialout-gid=18 \ + -Dutmp-gid=22 \ + -Dtape-gid=33 \ + -Dkvm-gid=36 \ + -Dvideo-gid=39 \ + -Daudio-gid=63 \ + -Dusers-gid=100 \ + -Dinput-gid=104 \ + -Drender-gid=105 \ + -Dsgx-gid=106 \ + -Dsystemd-journal-gid=190 build # Call meson and pass configure options. @@ -117,6 +137,10 @@ build # Install systemd. %{meson_install} + # Use the installed files to create all users and groups + # in one shot. + %{create_groups} + # Create folder in log to store the journal. mkdir -pv %{BUILDROOT}/var/log/journal @@ -202,22 +226,17 @@ build end create_groups - # Create groups for udev. - getent group cdrom >/dev/null || groupadd -g 11 cdrom || : - getent group tape >/dev/null || groupadd -g 33 tape || : - getent group dialout >/dev/null || groupadd -g 18 dialout || : - getent group floppy >/dev/null || groupadd -g 19 floppy || : - getent group input >/dev/null || groupadd -r input || : - getent group utmp >/dev/null || groupadd -r -g 22 utmp || : - - # Create group for journald. - getent group systemd-journal >/dev/null || /usr/sbin/groupadd -r systemd-journal -end + # Create the sysusers folder in the jail. + mkdir -pv %{sysusersdir} -quality-agent - whitelist_rpath - %{prefix}/lib/systemd - end + # Copy all sysusers files from BUILDROOT into the jail's sysusers directory. + install -v -m 644 %{BUILDROOT}%{sysusersdir}/*.conf %{sysusersdir} + + # We do not have a libsystemd or systemd-sysusers binary, so + # call the installed one inside BUILDROOT to create all users and + # groups in one shot. + LD_LIBRARY_PATH="%{BUILDROOT}%{libdir}/systemd/" \ + %{BUILDROOT}%{bindir}/systemd-sysusers end packages 
@@ -273,10 +292,6 @@ packages /etc/vconsole.conf end - script prein - %{create_groups} - end - script postin # Reexec systemd daemon. /usr/bin/systemctl daemon-reexec > /dev/null 2>&1 || : @@ -344,8 +359,8 @@ packages # Only ship the sysusers.d folder without # any config files. - /usr/lib/sysusers.d - !/usr/lib/sysusers.d/*.conf + %{sysusersdir} + !%{sysusersdir}/*.conf end end
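Review bot: In [PATCH 1/2], hunk @@ -78,6 +78,7 @@, `-Dman=true` forces man page generation, while the diffstat (2 insertions, 1 deletion) shows no change to the package's build dependencies. With `true` rather than `auto`, the configure step fails when the man page toolchain (xsltproc and the DocBook stylesheets) is missing from the jail, so please confirm those are already pulled in, or add them in this patch. The commit message could also say since which systemd version the option is no longer enabled by default.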
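Review bot: In [PATCH 2/2], hunk @@ -77,6 +77,9 @@, `-Dfallback-hostname="localhost"` is unrelated to the sysusers change the commit message describes. Suggest moving it to its own patch, or mentioning it (together with the `-Dnobody-user=nobody` / `-Dnobody-group=nobody` mapping) in the message so the history explains why it was set.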
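Review bot: In [PATCH 2/2], hunk @@ -93,9 +96,26 @@, the new gid list pins `-Dinput-gid=104` and `-Dsystemd-journal-gid=190`, while the removed create_groups code (`groupadd -r input`, `groupadd -r systemd-journal`) let both groups take a dynamically allocated system gid. Existing installations can therefore hold different gids than fresh ones; please state whether that matters for files shipped with these group owners, or how it is migrated. The list also has no entry for `floppy`, which the old code created with gid 19; if dropping it is intended, say so in the commit message.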
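Review bot: In [PATCH 2/2], hunk @@ -202,22 +226,17 @@, the `quality-agent` / `whitelist_rpath` block for `%{prefix}/lib/systemd` is deleted together with the old groupadd lines, but the commit message only covers sysusers. If the rpath whitelist is no longer needed, explain why; otherwise restore it. Separately, the new create_groups runs `%{BUILDROOT}%{bindir}/systemd-sysusers` unguarded, whereas the old lines checked `getent` first and mostly ended in `|| :`; please confirm that a failure here is meant to abort the build, and consider a comment noting that the call modifies the jail's own user database rather than anything under BUILDROOT.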
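Review bot: In [PATCH 2/2], hunk @@ -273,10 +292,6 @@, `script prein` with `%{create_groups}` is removed and nothing visible in this patch replaces it at install time; the last hunk still excludes `%{sysusersdir}/*.conf` from one package. Please point out which package ships the sysusers files and what runs systemd-sysusers on the target before files owned by these groups are unpacked, since otherwise the groups may not exist when the package's files are installed.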