diff mbox series

[kirkstone,6/6] base-passwd: Add the sgx group

Message ID 20241217111229.60698-7-jonas.gorski@bisdn.de
State Accepted, archived
Commit a20b02fdfe64c005f7587a1d9077bdc282f7b6b1
Delegated to: Steve Sakoman
Headers show
Series base-passwd: backport fixes from master | expand

Commit Message

Jonas Gorski Dec. 17, 2024, 11:12 a.m. UTC 
From: Alex Kiernan <alex.kiernan@gmail.com>

To avoid errors from eudev/udev we need an sgx group, but if we add it
via groupadd that causes shadow login to be brought into an image, which
causes images which have CONFIG_MULTIUSER unset to fail with `setgid:
Function not implemented` as shadow's login doesn't implement the
heuristics which busybox has to handle this kernel configuration.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a1c81ac4a869cc57394071ace2ca086eb8ac47a4)
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
 .../0001-base-passwd-Add-the-sgx-group.patch  | 30 +++++++++++++++++++
 .../base-passwd/base-passwd_3.5.52.bb         |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch

Comments

Jörg Sommer Jan. 2, 2025, 9:14 p.m. UTC | #1 
Jonas Gorski via lists.openembedded.org schrieb am Di 17. Dez, 12:12 (+0100):
> From: Alex Kiernan <alex.kiernan@gmail.com>
> 
> To avoid errors from eudev/udev we need an sgx group, but if we add it
> via groupadd that causes shadow login to be brought into an image,

Does this work for useradd-staticids.bbclass? I still have to provide an
entry for sgx in my group list:

ERROR: Nothing RPROVIDES 'systemd-analyze' (but /build/../repo/meta-distro/recipes-core/images/image.bb, /build/../repo/meta-distro/recipes-core/sys-tools/sys-tools_10.0.bb RDEPENDS on or otherwise requires it)
systemd RPROVIDES systemd-analyze but was skipped: Recipe systemd, package udev: system groupname "sgx" does not have a static ID defined. Add sgx to one of these files: /build/../repo/meta-distro/files/groups
ERROR: Required build target image' has no buildable providers.


Regards, Jörg
Jonas Gorski Jan. 7, 2025, 9:34 a.m. UTC | #2 
Hi Jörg,

sorry for the late response, I was on vacation.

On 02.01.25 22:14, Jörg Sommer wrote:
> Jonas Gorski via lists.openembedded.org schrieb am Di 17. Dez, 12:12 (+0100):
>> From: Alex Kiernan <alex.kiernan@gmail.com>
>>
>> To avoid errors from eudev/udev we need an sgx group, but if we add it
>> via groupadd that causes shadow login to be brought into an image,
> 
> Does this work for useradd-staticids.bbclass? I still have to provide an
> entry for sgx in my group list:
> 
> ERROR: Nothing RPROVIDES 'systemd-analyze' (but /build/../repo/meta-distro/recipes-core/images/image.bb, /build/../repo/meta-distro/recipes-core/sys-tools/sys-tools_10.0.bb RDEPENDS on or otherwise requires it)
> systemd RPROVIDES systemd-analyze but was skipped: Recipe systemd, package udev: system groupname "sgx" does not have a static ID defined. Add sgx to one of these files: /build/../repo/meta-distro/files/groups
> ERROR: Required build target image' has no buildable providers.

AFAIU, useradd-staticids does not currently have any insight in the 
base-passwd provided groups and users or vice versa, so you will still 
need to define them in your files/users and files/groups (with identical 
UID/GID).

Best Regards,
Jonas
diff mbox series

Patch

diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
new file mode 100644
index 000000000000..e1340e1b70cf
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
@@ -0,0 +1,30 @@ 
+From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alexk@zuma.ai>
+Date: Fri, 28 Jul 2023 10:28:57 +0100
+Subject: [PATCH] base-passwd: Add the sgx group
+
+To avoid errors from eudev/udev we need an sgx group, but if we add it
+via groupadd that causes shadow login to be brought into an image, which
+causes images which have CONFIG_MULTIUSER unset to fail with `setgid:
+Function not implemented` as shadow's login doesn't implement the
+heuristics which busybox has to handle this kernel configuration.
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/group.master b/group.master
+index d34d2b832d43..e54fd1d2c6dc 100644
+--- a/group.master
++++ b/group.master
+@@ -34,6 +34,7 @@ video:*:44:
+ sasl:*:45:
+ plugdev:*:46:
+ kvm:*:47:
++sgx:*:48:
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb
index 66b5a0e7dc6a..9fbba7e9c071 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb
@@ -14,6 +14,7 @@  SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
            file://0006-Make-it-possible-to-build-without-debconf-support.patch \
            file://0007-Make-it-possible-to-disable-the-generation-of-the-do.patch \
            file://0008-Add-wheel-group.patch \
+           file://0001-base-passwd-Add-the-sgx-group.patch \
            "
 
 SRC_URI[sha256sum] = "5dfec6556b5a16ecf14dd3f7c95b591d929270289268123f31a3d6317f95ccea"