keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

compose: Add 'etc-group-members'

Browse Source 
Currently adding human users to a system group such as 'wheel' does
not work with shadow-utils as it exists now.  This is admittedly
a hack; basically we single out "wheel" as going in /etc/group, via:

    "etc-group-members": ["wheel"],

A more comprehensive solution to this will be:
https://github.com/projectatomic/rpm-ostree/issues/49
This commit is contained in:
Colin Walters 2014-11-17 11:52:20 -05:00
parent 3380682cc8
commit 9a20073893
4 changed files with 52 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/treefile.md
View File

@ -27,6 +27,10 @@ Treefile
set; rpm-ostree will modify the `/etc/nsswitch.conf` in the target
root to ensure that `/usr/lib/passwd` is used.
* `etc-group-members`: Array of strings, optional: Unix groups in this
list will be stored in `/etc/group` instead of `/usr/lib/group`. Use
this option for groups for which humans should be a member.
* `install-langs`: Array of strings, optional. This sets the RPM
_install_langs macro. Set this to e.g. `["en_US", "fr_FR"]`.

16
src/rpmostree-json-parsing.c
View File

@ -112,3 +112,19 @@ _rpmostree_jsonutil_append_string_array_to (JsonObject *object,
return TRUE;
}
GHashTable *
_rpmostree_jsonutil_jsarray_strings_to_set (JsonArray *array)
{
GHashTable *ret = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, g_free);
guint i;
guint len = json_array_get_length (array);
for (i = 0; i < len; i++)
{
const char *elt = json_array_get_string_element (array, i);
g_hash_table_add (ret, g_strdup (elt));
}
return ret;
}

3
src/rpmostree-json-parsing.h
View File

@ -46,4 +46,7 @@ _rpmostree_jsonutil_append_string_array_to (JsonObject *object,
GCancellable *cancellable,
GError **error);
GHashTable *
_rpmostree_jsonutil_jsarray_strings_to_set (JsonArray *array);

35
src/rpmostree-postprocess.c
View File

@ -596,6 +596,7 @@ typedef enum {
static gboolean
migrate_passwd_file_except_root (GFile *rootfs,
MigrateKind kind,
GHashTable *preserve,
GCancellable *cancellable,
GError **error)
{
@ -627,6 +628,8 @@ migrate_passwd_file_except_root (GFile *rootfs,
struct group *gr = NULL;
FILE *deststream;
int r;
guint32 id;
const char *name;
if (kind == MIGRATE_PASSWD)
pw = fgetpwent (src_stream);
@ -645,11 +648,21 @@ migrate_passwd_file_except_root (GFile *rootfs,
break;
}
if ((pw && pw->pw_uid == 0) ||
(gr && gr->gr_gid == 0))
deststream = etcdest_stream;
deststream = usrdest_stream;
if (pw)
{
id = pw->pw_uid;
name = pw->pw_name;
}
else
deststream = usrdest_stream;
{
id = gr->gr_gid;
name = gr->gr_name;
}
if (id == 0 || (preserve && g_hash_table_contains (preserve, name)))
deststream = etcdest_stream;
if (pw)
r = putpwent (pw, deststream);
@ -826,6 +839,7 @@ create_rootfs_from_yumroot_content (GFile *targetroot,
gboolean ret = FALSE;
gs_unref_object GFile *kernel_path = NULL;
gs_unref_object GFile *initramfs_path = NULL;
gs_unref_hashtable GHashTable *preserve_groups_set = NULL;
g_print ("Preparing kernel\n");
if (!do_kernel_prep (yumroot, cancellable, error))
@ -836,10 +850,19 @@ create_rootfs_from_yumroot_content (GFile *targetroot,
goto out;
g_print ("Migrating /etc/passwd to /usr/lib/\n");
if (!migrate_passwd_file_except_root (yumroot, MIGRATE_PASSWD, cancellable, error))
if (!migrate_passwd_file_except_root (yumroot, MIGRATE_PASSWD, NULL,
cancellable, error))
goto out;
if (json_object_has_member (treefile, "etc-group-members"))
{
JsonArray *etc_group_members = json_object_get_array_member (treefile, "etc-group-members");
preserve_groups_set = _rpmostree_jsonutil_jsarray_strings_to_set (etc_group_members);
}
g_print ("Migrating /etc/group to /usr/lib/\n");
if (!migrate_passwd_file_except_root (yumroot, MIGRATE_GROUP, cancellable, error))
if (!migrate_passwd_file_except_root (yumroot, MIGRATE_GROUP, preserve_groups_set,
cancellable, error))
goto out;
/* NSS configuration to look at the new files */