[Buildroot] [PATCH v2] package/openssh: Add sysusers.d snippet

Chris Lesiak chris.lesiak at licor.com
Mon Dec 17 15:07:26 UTC 2018 

Yann,

Thanks for the review.

On 12/16/18 7:45 AM, Yann E. MORIN wrote:
> Chris, All,
>
> Sorry for thr huge delay in replying to this patch of your...
>
> On 2018-02-16 12:10 -0600, Chris Lesiak spake thusly:
>> Signed-off-by: Chris Lesiak <chris.lesiak at licor.com>
>> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
>> index 6b7ac22c19..5d099ceb13 100644
>> --- a/package/openssh/openssh.mk
>> +++ b/package/openssh/openssh.mk
>> @@ -60,12 +60,20 @@ else
>>   OPENSSH_CONF_OPTS += --without-selinux
>>   endif
>>   
>> +ifeq ($(BR2_PACKAGE_SYSTEMD_SYSUSERS),y)
>> +define OPENSSH_INSTALL_SYSTEMD_SYSUSERS
>> +	$(INSTALL) -m 0644 -D package/openssh/sshd_sysusers.conf \
>> +		$(TARGET_DIR)/usr/lib/sysusers.d/sshd.conf
>> +endef
>> +endif
>> +
>>   define OPENSSH_INSTALL_INIT_SYSTEMD
>>   	$(INSTALL) -D -m 644 package/openssh/sshd.service \
>>   		$(TARGET_DIR)/usr/lib/systemd/system/sshd.service
>>   	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
>>   	ln -fs ../../../../usr/lib/systemd/system/sshd.service \
>>   		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshd.service
>> +	$(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
>>   endef
>>   
>>   define OPENSSH_INSTALL_INIT_SYSV
>> diff --git a/package/openssh/sshd_sysusers.conf b/package/openssh/sshd_sysusers.conf
>> new file mode 100644
>> index 0000000000..3ea46f65c6
>> --- /dev/null
>> +++ b/package/openssh/sshd_sysusers.conf
>> @@ -0,0 +1,5 @@
>> +# sysusers.d snippet for creating the sshd system user automatically
>> +# at boot on systemd-based systems that ship with an unpopulated
>> +# /etc. See sysusers.d(5) for details.
> No need for this boilerplate (which ends up being much bigger than the
> actual content...)
>
>> +u sshd - "Privilege-separated SSH"
> We've discussed this a bit with Thomas, and there is one thing that we
> did not like much, is that it is not integrated nicely in the existing
> users support in Buildroot.
>
> Shouldn't we have a generic mechanism, that takes all the FOO_USERS, and
> turns them into sysusers.d(%) entries? Maybe something like:
>
>      define SYSTEMD_SYSUSERS
>          mkdir -p $(TARGET_DIR)/usr/lib/sysusers.d/
>          echo "$(PACKAGES_USERS)" \
>          |while read user uid group gid passwd home shell groups comment; do
>              printf "u %s %s %s\n" "${user}" "${uid}" "${comment}"
>          done >$(TARGET_DIR)/usr/lib/sysusers.d/buildroot.conf
>          # And similarly for groups...
>      endef
>      SYSTEMD_POST_TARGET_FINALIZE_HOOKS = SYSTEMD_SYSUSERS
>
> Regards,
> Yann E. MORIN.
>
That looks like a good idea, but I don't know how to handle upstream 
packages that already create sysusers.d drop-ins.

Examples that I know of from my own build include:

     systemd - Creates basic.conf, systemd.conf, and systemd-remote.conf

     dbus - Creates dbus.conf


Is there a reason (other than storage cost) to prefer a single 
buildroot.conf drop-in file instead of one per package?

Sincerely,

Chris Lesiak


-- 
Chris Lesiak
Principal Design Engineer, Software
LI-COR Biosciences
4647 Superior Street
Lincoln, NE 68504 USA
chris.lesiak at licor.com

More information about the buildroot mailing list