Message ID | 20230613-sysusersd-v1-2-eaddf3179773@baylibre.com |
---|---|
State | Accepted, archived |
Commit | 5a0dd8fe478536f9ea503e3e1bc668b7e814bd85 |
Headers | show |
Series | rootfs-postcommands: replace the sysusers.d postcommand | expand |
> -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Louis Rannou > Sent: den 15 juni 2023 13:44 > To: openembedded-core@lists.openembedded.org > Cc: Louis Rannou <lrannou@baylibre.com>; anuj.mittal@intel.com > Subject: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic configuration > > The default sysusers basic.conf.in file sets the root home directory to `/root` > and does not permit its configuration. Replace the file delivered by systemd so > the root home directory matches the `ROOT_HOME` variable. > > Signed-off-by: Louis Rannou <lrannou@baylibre.com> > --- > meta/recipes-core/systemd/systemd/basic.conf.in | 40 +++++++++++++++++++++++++ > meta/recipes-core/systemd/systemd_253.3.bb | 5 ++++ > 2 files changed, 45 insertions(+) > > diff --git a/meta/recipes-core/systemd/systemd/basic.conf.in b/meta/recipes-core/systemd/systemd/basic.conf.in > new file mode 100644 > index 0000000000..fac288f7fa > --- /dev/null > +++ b/meta/recipes-core/systemd/systemd/basic.conf.in > @@ -0,0 +1,40 @@ > +# This file is part of systemd. > +# > +# systemd is free software; you can redistribute it and/or modify it > +# under the terms of the GNU Lesser General Public License as published by > +# the Free Software Foundation; either version 2.1 of the License, or > +# (at your option) any later version. > + > +# The superuser > +u root 0 "root" :ROOT_HOME: > + > +# The nobody user/group for NFS file systems > +g {{NOBODY_GROUP_NAME}} 65534 - - > +u {{NOBODY_USER_NAME }} 65534:65534 "Nobody" - > + > +# Administrator group: can *see* more than normal users > +g adm {{ADM_GID }} - - > + > +# Administrator group: can *do* more than normal users > +g wheel {{WHEEL_GID }} - - > + > +# Access to shared database of users on the system > +g utmp {{UTMP_GID }} - - > + > +# Physical and virtual hardware access groups > +g audio {{AUDIO_GID }} - - > +g cdrom {{CDROM_GID }} - - > +g dialout {{DIALOUT_GID}} - - > +g disk {{DISK_GID }} - - > +g input {{INPUT_GID }} - - > +g kmem {{KMEM_GID }} - - > +g kvm {{KVM_GID }} - - > +g lp {{LP_GID }} - - > +g render {{RENDER_GID }} - - > +g sgx {{SGX_GID }} - - > +g tape {{TAPE_GID }} - - > +g tty {{TTY_GID }} - - > +g video {{VIDEO_GID }} - - > + > +# Default group for normal users > +g users {{USERS_GID }} - - > diff --git a/meta/recipes-core/systemd/systemd_253.3.bb b/meta/recipes-core/systemd/systemd_253.3.bb > index 45dc6ab5bb..87fbf6f785 100644 > --- a/meta/recipes-core/systemd/systemd_253.3.bb > +++ b/meta/recipes-core/systemd/systemd_253.3.bb > @@ -17,6 +17,7 @@ REQUIRED_DISTRO_FEATURES = "systemd" > SRC_URI += " \ > file://touchscreen.rules \ > file://00-create-volatile.conf \ > + file://basic.conf.in \ Instead of including a modified copy of the basic.conf.in file from systemd, include a patch that modifies the file that systemd provides. Otherwise this becomes a maintenance problem where it is easy to miss changes that upstream does to the file, and also hard to know what you have changed. > ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ > ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ > file://init \ > @@ -252,6 +253,10 @@ EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ > # The 60 seconds is watchdog's default vaule. > WATCHDOG_TIMEOUT ??= "60" > > +do_configure:prepend() { > + sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > ${S}/sysusers.d/basic.conf.in Please indent shell code using tabs, and change the command to: sed -i s@:ROOT_HOME:@${ROOT_HOME}@g ${S}/sysusers.d/basic.conf.in once you have added the patch as per above. However, I am wondering if this has to be done during do_configure()? It might become confusing if you ever `devtool modify systemd` (which we do). Wouldn't it be better to do it on the installed file in the do_install() below instead? > +} > + > do_install() { > meson_do_install > install -d ${D}/${base_sbindir} > > -- > 2.41.0 //Peter
Hello, On 16/06/2023 18:51, Peter Kjellerstedt wrote: >> -----Original Message----- >> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Louis Rannou >> Sent: den 15 juni 2023 13:44 >> To: openembedded-core@lists.openembedded.org >> Cc: Louis Rannou <lrannou@baylibre.com>; anuj.mittal@intel.com >> Subject: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic configuration >> >> The default sysusers basic.conf.in file sets the root home directory to `/root` >> and does not permit its configuration. Replace the file delivered by systemd so >> the root home directory matches the `ROOT_HOME` variable. >> >> Signed-off-by: Louis Rannou <lrannou@baylibre.com> >> --- >> meta/recipes-core/systemd/systemd/basic.conf.in | 40 +++++++++++++++++++++++++ >> meta/recipes-core/systemd/systemd_253.3.bb | 5 ++++ >> 2 files changed, 45 insertions(+) >> >> diff --git a/meta/recipes-core/systemd/systemd/basic.conf.in b/meta/recipes-core/systemd/systemd/basic.conf.in >> new file mode 100644 >> index 0000000000..fac288f7fa >> --- /dev/null >> +++ b/meta/recipes-core/systemd/systemd/basic.conf.in >> @@ -0,0 +1,40 @@ >> +# This file is part of systemd. >> +# >> +# systemd is free software; you can redistribute it and/or modify it >> +# under the terms of the GNU Lesser General Public License as published by >> +# the Free Software Foundation; either version 2.1 of the License, or >> +# (at your option) any later version. >> + >> +# The superuser >> +u root 0 "root" :ROOT_HOME: >> + >> +# The nobody user/group for NFS file systems >> +g {{NOBODY_GROUP_NAME}} 65534 - - >> +u {{NOBODY_USER_NAME }} 65534:65534 "Nobody" - >> + >> +# Administrator group: can *see* more than normal users >> +g adm {{ADM_GID }} - - >> + >> +# Administrator group: can *do* more than normal users >> +g wheel {{WHEEL_GID }} - - >> + >> +# Access to shared database of users on the system >> +g utmp {{UTMP_GID }} - - >> + >> +# Physical and virtual hardware access groups >> +g audio {{AUDIO_GID }} - - >> +g cdrom {{CDROM_GID }} - - >> +g dialout {{DIALOUT_GID}} - - >> +g disk {{DISK_GID }} - - >> +g input {{INPUT_GID }} - - >> +g kmem {{KMEM_GID }} - - >> +g kvm {{KVM_GID }} - - >> +g lp {{LP_GID }} - - >> +g render {{RENDER_GID }} - - >> +g sgx {{SGX_GID }} - - >> +g tape {{TAPE_GID }} - - >> +g tty {{TTY_GID }} - - >> +g video {{VIDEO_GID }} - - >> + >> +# Default group for normal users >> +g users {{USERS_GID }} - - >> diff --git a/meta/recipes-core/systemd/systemd_253.3.bb b/meta/recipes-core/systemd/systemd_253.3.bb >> index 45dc6ab5bb..87fbf6f785 100644 >> --- a/meta/recipes-core/systemd/systemd_253.3.bb >> +++ b/meta/recipes-core/systemd/systemd_253.3.bb >> @@ -17,6 +17,7 @@ REQUIRED_DISTRO_FEATURES = "systemd" >> SRC_URI += " \ >> file://touchscreen.rules \ >> file://00-create-volatile.conf \ >> + file://basic.conf.in \ > > Instead of including a modified copy of the basic.conf.in file > from systemd, include a patch that modifies the file that systemd > provides. Otherwise this becomes a maintenance problem where it > is easy to miss changes that upstream does to the file, and also > hard to know what you have changed. > This came to my mind, but it seems to me it's a configuration and not a patch. Some distribution as debian generate their own. It could also be replaced by the user to set its own preferences. It is not supposed to change the default configuration, but to set the one we need. >> ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ >> ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ >> file://init \ >> @@ -252,6 +253,10 @@ EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ >> # The 60 seconds is watchdog's default vaule. >> WATCHDOG_TIMEOUT ??= "60" >> >> +do_configure:prepend() { >> + sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > ${S}/sysusers.d/basic.conf.in > > Please indent shell code using tabs, and change the command to: > > sed -i s@:ROOT_HOME:@${ROOT_HOME}@g ${S}/sysusers.d/basic.conf.in > > once you have added the patch as per above. I understand '@' is easier to read than ':'. I have used the colon because its usage is very restricted in the sysusers.d file. But it's fine to me as this is supposed to be a path. Also, the input file and the output are not in the same directory. I am not sure about the "-i" option. > > However, I am wondering if this has to be done during do_configure()? > It might become confusing if you ever `devtool modify systemd` (which > we do). Wouldn't it be better to do it on the installed file in the > do_install() below instead? > This file is parsed at systemd compilation. The file has to be correct before that. >> +} >> + >> do_install() { >> meson_do_install >> install -d ${D}/${base_sbindir} >> >> -- >> 2.41.0 > > //Peter > Louis
Hello, please find an answer to the last comment On 19/06/2023 14:10, Louis Rannou wrote: > Hello, > > On 16/06/2023 18:51, Peter Kjellerstedt wrote: >>> -----Original Message----- >>> From: openembedded-core@lists.openembedded.org >>> <openembedded-core@lists.openembedded.org> On Behalf Of Louis Rannou >>> Sent: den 15 juni 2023 13:44 >>> To: openembedded-core@lists.openembedded.org >>> Cc: Louis Rannou <lrannou@baylibre.com>; anuj.mittal@intel.com >>> Subject: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic >>> configuration >>> >>> The default sysusers basic.conf.in file sets the root home directory >>> to `/root` >>> and does not permit its configuration. Replace the file delivered by >>> systemd so >>> the root home directory matches the `ROOT_HOME` variable. >>> >>> Signed-off-by: Louis Rannou <lrannou@baylibre.com> >>> --- >>> meta/recipes-core/systemd/systemd/basic.conf.in | 40 >>> +++++++++++++++++++++++++ >>> meta/recipes-core/systemd/systemd_253.3.bb | 5 ++++ >>> 2 files changed, 45 insertions(+) >>> >>> diff --git a/meta/recipes-core/systemd/systemd/basic.conf.in >>> b/meta/recipes-core/systemd/systemd/basic.conf.in >>> new file mode 100644 >>> index 0000000000..fac288f7fa >>> --- /dev/null >>> +++ b/meta/recipes-core/systemd/systemd/basic.conf.in >>> @@ -0,0 +1,40 @@ >>> +# This file is part of systemd. >>> +# >>> +# systemd is free software; you can redistribute it and/or modify it >>> +# under the terms of the GNU Lesser General Public License as >>> published by >>> +# the Free Software Foundation; either version 2.1 of the License, or >>> +# (at your option) any later version. >>> + >>> +# The superuser >>> +u root 0 "root" :ROOT_HOME: >>> + >>> +# The nobody user/group for NFS file systems >>> +g {{NOBODY_GROUP_NAME}} 65534 - - >>> +u {{NOBODY_USER_NAME }} 65534:65534 "Nobody" - >>> + >>> +# Administrator group: can *see* more than normal users >>> +g adm {{ADM_GID }} - - >>> + >>> +# Administrator group: can *do* more than normal users >>> +g wheel {{WHEEL_GID }} - - >>> + >>> +# Access to shared database of users on the system >>> +g utmp {{UTMP_GID }} - - >>> + >>> +# Physical and virtual hardware access groups >>> +g audio {{AUDIO_GID }} - - >>> +g cdrom {{CDROM_GID }} - - >>> +g dialout {{DIALOUT_GID}} - - >>> +g disk {{DISK_GID }} - - >>> +g input {{INPUT_GID }} - - >>> +g kmem {{KMEM_GID }} - - >>> +g kvm {{KVM_GID }} - - >>> +g lp {{LP_GID }} - - >>> +g render {{RENDER_GID }} - - >>> +g sgx {{SGX_GID }} - - >>> +g tape {{TAPE_GID }} - - >>> +g tty {{TTY_GID }} - - >>> +g video {{VIDEO_GID }} - - >>> + >>> +# Default group for normal users >>> +g users {{USERS_GID }} - - >>> diff --git a/meta/recipes-core/systemd/systemd_253.3.bb >>> b/meta/recipes-core/systemd/systemd_253.3.bb >>> index 45dc6ab5bb..87fbf6f785 100644 >>> --- a/meta/recipes-core/systemd/systemd_253.3.bb >>> +++ b/meta/recipes-core/systemd/systemd_253.3.bb >>> @@ -17,6 +17,7 @@ REQUIRED_DISTRO_FEATURES = "systemd" >>> SRC_URI += " \ >>> file://touchscreen.rules \ >>> file://00-create-volatile.conf \ >>> + file://basic.conf.in \ >> >> Instead of including a modified copy of the basic.conf.in file >> from systemd, include a patch that modifies the file that systemd >> provides. Otherwise this becomes a maintenance problem where it >> is easy to miss changes that upstream does to the file, and also >> hard to know what you have changed. >> > This came to my mind, but it seems to me it's a configuration and not a > patch. Some distribution as debian generate their own. > >>> ${@bb.utils.contains('PACKAGECONFIG', >>> 'polkit_hostnamed_fallback', >>> 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ >>> ${@bb.utils.contains('PACKAGECONFIG', >>> 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', >>> '', d)} \ >>> file://init \ >>> @@ -252,6 +253,10 @@ EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ >>> # The 60 seconds is watchdog's default vaule. >>> WATCHDOG_TIMEOUT ??= "60" >>> >>> +do_configure:prepend() { >>> + sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > >>> ${S}/sysusers.d/basic.conf.in >> >> Please indent shell code using tabs, and change the command to: >> >> sed -i s@:ROOT_HOME:@${ROOT_HOME}@g ${S}/sysusers.d/basic.conf.in >> >> once you have added the patch as per above. That's incorrect as the source and destination are different. Perhaps I should call the initial file basic.conf.in.in if it's more clear. >> >> However, I am wondering if this has to be done during do_configure()? >> It might become confusing if you ever `devtool modify systemd` (which >> we do). Wouldn't it be better to do it on the installed file in the >> do_install() below instead? This file is used at compilation to produce the basic.conf file. So it's needed after the configuration. What would go wrong with devtool ? >> >>> +} >>> + >>> do_install() { >>> meson_do_install >>> install -d ${D}/${base_sbindir} >>> Louis
> -----Original Message----- > From: Louis Rannou <lrannou@baylibre.com> > Sent: den 29 juni 2023 15:04 > To: Peter Kjellerstedt <peter.kjellerstedt@axis.com>; openembedded- > core@lists.openembedded.org > Cc: anuj.mittal@intel.com > Subject: Re: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic > configuration > > Hello, please find an answer to the last comment > > On 19/06/2023 14:10, Louis Rannou wrote: > > Hello, > > > > On 16/06/2023 18:51, Peter Kjellerstedt wrote: > >>> -----Original Message----- > >>> From: openembedded-core@lists.openembedded.org > >>> <openembedded-core@lists.openembedded.org> On Behalf Of Louis Rannou > >>> Sent: den 15 juni 2023 13:44 > >>> To: openembedded-core@lists.openembedded.org > >>> Cc: Louis Rannou <lrannou@baylibre.com>; anuj.mittal@intel.com > >>> Subject: [OE-core] [PATCH 2/3] systemd: replace the sysusers.d basic > >>> configuration > >>> > >>> The default sysusers basic.conf.in file sets the root home directory > >>> to `/root` > >>> and does not permit its configuration. Replace the file delivered by > >>> systemd so > >>> the root home directory matches the `ROOT_HOME` variable. > >>> > >>> Signed-off-by: Louis Rannou <lrannou@baylibre.com> > >>> --- > >>> meta/recipes-core/systemd/systemd/basic.conf.in | 40 > >>> +++++++++++++++++++++++++ > >>> meta/recipes-core/systemd/systemd_253.3.bb | 5 ++++ > >>> 2 files changed, 45 insertions(+) > >>> > >>> diff --git a/meta/recipes-core/systemd/systemd/basic.conf.in > >>> b/meta/recipes-core/systemd/systemd/basic.conf.in > >>> new file mode 100644 > >>> index 0000000000..fac288f7fa > >>> --- /dev/null > >>> +++ b/meta/recipes-core/systemd/systemd/basic.conf.in > >>> @@ -0,0 +1,40 @@ > >>> +# This file is part of systemd. > >>> +# > >>> +# systemd is free software; you can redistribute it and/or modify it > >>> +# under the terms of the GNU Lesser General Public License as > >>> published by > >>> +# the Free Software Foundation; either version 2.1 of the License, > or > >>> +# (at your option) any later version. > >>> + > >>> +# The superuser > >>> +u root 0 "root" :ROOT_HOME: > >>> + > >>> +# The nobody user/group for NFS file systems > >>> +g {{NOBODY_GROUP_NAME}} 65534 - - > >>> +u {{NOBODY_USER_NAME }} 65534:65534 "Nobody" - > >>> + > >>> +# Administrator group: can *see* more than normal users > >>> +g adm {{ADM_GID }} - - > >>> + > >>> +# Administrator group: can *do* more than normal users > >>> +g wheel {{WHEEL_GID }} - - > >>> + > >>> +# Access to shared database of users on the system > >>> +g utmp {{UTMP_GID }} - - > >>> + > >>> +# Physical and virtual hardware access groups > >>> +g audio {{AUDIO_GID }} - - > >>> +g cdrom {{CDROM_GID }} - - > >>> +g dialout {{DIALOUT_GID}} - - > >>> +g disk {{DISK_GID }} - - > >>> +g input {{INPUT_GID }} - - > >>> +g kmem {{KMEM_GID }} - - > >>> +g kvm {{KVM_GID }} - - > >>> +g lp {{LP_GID }} - - > >>> +g render {{RENDER_GID }} - - > >>> +g sgx {{SGX_GID }} - - > >>> +g tape {{TAPE_GID }} - - > >>> +g tty {{TTY_GID }} - - > >>> +g video {{VIDEO_GID }} - - > >>> + > >>> +# Default group for normal users > >>> +g users {{USERS_GID }} - - > >>> diff --git a/meta/recipes-core/systemd/systemd_253.3.bb > >>> b/meta/recipes-core/systemd/systemd_253.3.bb > >>> index 45dc6ab5bb..87fbf6f785 100644 > >>> --- a/meta/recipes-core/systemd/systemd_253.3.bb > >>> +++ b/meta/recipes-core/systemd/systemd_253.3.bb > >>> @@ -17,6 +17,7 @@ REQUIRED_DISTRO_FEATURES = "systemd" > >>> SRC_URI += " \ > >>> file://touchscreen.rules \ > >>> file://00-create-volatile.conf \ > >>> + file://basic.conf.in \ > >> > >> Instead of including a modified copy of the basic.conf.in file > >> from systemd, include a patch that modifies the file that systemd > >> provides. Otherwise this becomes a maintenance problem where it > >> is easy to miss changes that upstream does to the file, and also > >> hard to know what you have changed. > >> > > This came to my mind, but it seems to me it's a configuration and not a > > patch. Some distribution as debian generate their own. > > > >>> ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ > >>> ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ > >>> file://init \ > >>> @@ -252,6 +253,10 @@ EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ > >>> # The 60 seconds is watchdog's default vaule. > >>> WATCHDOG_TIMEOUT ??= "60" > >>> > >>> +do_configure:prepend() { > >>> + sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > ${S}/sysusers.d/basic.conf.in > >> > >> Please indent shell code using tabs, and change the command to: > >> > >> sed -i s@:ROOT_HOME:@${ROOT_HOME}@g ${S}/sysusers.d/basic.conf.in > >> > >> once you have added the patch as per above. > > That's incorrect as the source and destination are different. Perhaps I > should call the initial file basic.conf.in.in if it's more clear. Note the "once you have added the patch" part. I.e., once you have added a patch to modify the basic.conf.in that systemd provides, the above command should work. However, depending on whether systemd´s build system actually uses the path provided in the basic.conf.in file (which I doubt), a better way would be do run the sed above on the installed basic.conf file. I.e., use a patch to modify basic.conf.in to contain ":ROOT_HOME:" instead of what path systemd upstream provides, and then use sed in do_install:append to replace ":ROOT_HOME:" with "${ROOT_HOME}" in the installed basic.conf file. > > >> > >> However, I am wondering if this has to be done during do_configure()? > >> It might become confusing if you ever `devtool modify systemd` (which > >> we do). Wouldn't it be better to do it on the installed file in the > >> do_install() below instead? > This file is used at compilation to produce the basic.conf file. So it's > needed after the configuration. What would go wrong with devtool ? The change that sed makes would be seen as a change to the sources checked out by devtool, and thus you risk someone accidentally committing it when they make other changes to systemd using devtool modify. > > >> > >>> +} > >>> + > >>> do_install() { > >>> meson_do_install > >>> install -d ${D}/${base_sbindir} > >>> > > Louis //Peter
diff --git a/meta/recipes-core/systemd/systemd/basic.conf.in b/meta/recipes-core/systemd/systemd/basic.conf.in new file mode 100644 index 0000000000..fac288f7fa --- /dev/null +++ b/meta/recipes-core/systemd/systemd/basic.conf.in @@ -0,0 +1,40 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# The superuser +u root 0 "root" :ROOT_HOME: + +# The nobody user/group for NFS file systems +g {{NOBODY_GROUP_NAME}} 65534 - - +u {{NOBODY_USER_NAME }} 65534:65534 "Nobody" - + +# Administrator group: can *see* more than normal users +g adm {{ADM_GID }} - - + +# Administrator group: can *do* more than normal users +g wheel {{WHEEL_GID }} - - + +# Access to shared database of users on the system +g utmp {{UTMP_GID }} - - + +# Physical and virtual hardware access groups +g audio {{AUDIO_GID }} - - +g cdrom {{CDROM_GID }} - - +g dialout {{DIALOUT_GID}} - - +g disk {{DISK_GID }} - - +g input {{INPUT_GID }} - - +g kmem {{KMEM_GID }} - - +g kvm {{KVM_GID }} - - +g lp {{LP_GID }} - - +g render {{RENDER_GID }} - - +g sgx {{SGX_GID }} - - +g tape {{TAPE_GID }} - - +g tty {{TTY_GID }} - - +g video {{VIDEO_GID }} - - + +# Default group for normal users +g users {{USERS_GID }} - - diff --git a/meta/recipes-core/systemd/systemd_253.3.bb b/meta/recipes-core/systemd/systemd_253.3.bb index 45dc6ab5bb..87fbf6f785 100644 --- a/meta/recipes-core/systemd/systemd_253.3.bb +++ b/meta/recipes-core/systemd/systemd_253.3.bb @@ -17,6 +17,7 @@ REQUIRED_DISTRO_FEATURES = "systemd" SRC_URI += " \ file://touchscreen.rules \ file://00-create-volatile.conf \ + file://basic.conf.in \ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ file://init \ @@ -252,6 +253,10 @@ EXTRA_OEMESON += "-Dkexec-path=${sbindir}/kexec \ # The 60 seconds is watchdog's default vaule. WATCHDOG_TIMEOUT ??= "60" +do_configure:prepend() { + sed s@:ROOT_HOME:@${ROOT_HOME}@g ${WORKDIR}/basic.conf.in > ${S}/sysusers.d/basic.conf.in +} + do_install() { meson_do_install install -d ${D}/${base_sbindir}
The default sysusers basic.conf.in file sets the root home directory to `/root` and does not permit its configuration. Replace the file delivered by systemd so the root home directory matches the `ROOT_HOME` variable. Signed-off-by: Louis Rannou <lrannou@baylibre.com> --- meta/recipes-core/systemd/systemd/basic.conf.in | 40 +++++++++++++++++++++++++ meta/recipes-core/systemd/systemd_253.3.bb | 5 ++++ 2 files changed, 45 insertions(+)