@@ -72,9 +72,22 @@ do_install () {
inherit useradd
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM:${PN} = "-r parsec"
-USERADD_PARAM:${PN} = "-r -g parsec -s /usr/sbin/nologin -d ${localstatedir}/lib/parsec parsec"
-GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss ;', '', d)}"
-GROUPMEMS_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'trusted-service-provider', '-a parsec -g tee', '', d)}"
+USERADD_PARAM:${PN} = "\
+ --system \
+ --gid parsec \
+ --shell /usr/sbin/nologin \
+ --home-dir ${localstatedir}/lib/parsec \
+ ${@parsec_groups(d)} \
+ parsec"
+
+def parsec_groups(d):
+ groups = []
+ config = d.getVar("PACKAGECONFIG").split()
+ if "TPM" in config:
+ groups.append("tss")
+ if "TS" in config:
+ groups.append("teeclnt")
+ return "--groups " + ",".join(groups) if groups else ""
FILES:${PN} += " \
${sysconfdir}/parsec/config.toml \
Instead of calling groupmems after creating the user, we can tell useradd to do the group membership when creating the user. There are several reasons for this: 1) Consolidation of the calls into a single call means creation is atomic, it either worked or it did not. 2) The existing logic doesn't work if both TPM and TS were enabled. 3) GROUPMEMS_PARAM is broken in oe-core master[1] and this will not be fixed as groupmems has been removed from shadow[2]. Instead, construct a list of groups that parsec needs to be a member of, and pass them to useradd. [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=16277 [2] shadow 388ce70 "*/: groupmems(8): Remove program" Signed-off-by: Ross Burton <ross.burton@arm.com> --- .../parsec-service/parsec-service_1.5.0.bb | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-)