search

ilbers / isar

Integration System for Automated Root filesystem generation
Other
177 stars 72 forks source link

do_rootfs_quality_check reports warnings when adding >1 new users #98

Closed developerdong closed 10 months ago

developerdong commented 10 months ago

Problem description

WARNING: img-1.0-r0 do_rootfs_quality_check: Files changed after package install. The following files seem
WARNING: img-1.0-r0 do_rootfs_quality_check: to have changed where they probably should not have.
WARNING: img-1.0-r0 do_rootfs_quality_check: You might have a custom task or writing POSTPROCESS function.
WARNING: img-1.0-r0 do_rootfs_quality_check: /build/tmp/work/debian-bullseye-amd64/img-vmware/1.0-r0/rootfs/etc/subgid-
/build/tmp/work/debian-bullseye-amd64/img-vmware/1.0-r0/rootfs/etc/subuid-
/build/tmp/work/debian-bullseye-amd64/img-vmware/1.0-r0/rootfs/etc/passwd-

When add >1 new users in bb files, do_rootfs_quality_check reports this warning. For example:

USERS = "user1" is fine, because it only creates one new user. USERS = "user1 user2" is problematic, because it creates two new users. USERS = "user1 daemon" is fine, because daemon is an existing user, only user1 is newly created. USERS = "user1 user2 daemon" is not ok, because there are still two new users except for daemon.

Expected / desired behavior

No warnings when adding >1 new users.

Actual behavior

There are warnings.

How to reproduce

Add USERS += "user1 user2" in your bb files, build it, then you can see the warnings.

Possible root cause

Here is the print when I execute useradd in a debian 11 docker container.

root@c2b0dff21c2f:/# ls -l /etc/ | grep -E 'passwd|sub' 
-rw-r--r-- 1 root root     922 Dec 19  2022 passwd
-rw-r--r-- 1 root root     922 Dec 19  2022 passwd-
-rw-r--r-- 1 root root       0 Dec 19  2022 subgid
-rw-r--r-- 1 root root       0 Dec 19  2022 subuid
root@c2b0dff21c2f:/# useradd user1
root@c2b0dff21c2f:/# ls -l /etc/ | grep -E 'passwd|sub' 
-rw-r--r-- 1 root root     961 Oct 19 03:56 passwd
-rw-r--r-- 1 root root     922 Dec 19  2022 passwd-
-rw-r--r-- 1 root root      19 Oct 19 03:56 subgid
-rw-r--r-- 1 root root       0 Dec 19  2022 subgid-
-rw-r--r-- 1 root root      19 Oct 19 03:56 subuid
-rw-r--r-- 1 root root       0 Dec 19  2022 subuid-
root@c2b0dff21c2f:/# useradd user2
root@c2b0dff21c2f:/# ls -l /etc/ | grep -E 'passwd|sub' 
-rw-r--r-- 1 root root    1000 Oct 19 03:56 passwd
-rw-r--r-- 1 root root     961 Oct 19 03:56 passwd-
-rw-r--r-- 1 root root      38 Oct 19 03:56 subgid
-rw-r--r-- 1 root root      19 Oct 19 03:56 subgid-
-rw-r--r-- 1 root root      38 Oct 19 03:56 subuid
-rw-r--r-- 1 root root      19 Oct 19 03:56 subuid-

From the print, we can see that some files are created/changed. In image_create_users, useradd is executed, which is indirectly included in ROOTFS_POSTPROCESS_COMMAND.

Meanwhile, subgid-, subuid-, and passwd- are not ignored in do_rootfs_quality_check.

Possible solution

Ignore subgid-, subuid-, and passwd- in do_rootfs_quality_check.

jan-kiszka commented 10 months ago

Looks like a valid finding to me. Do you want to write such a patch and send it to the mailing list?

amikan commented 10 months ago

@developerdong thanks for detailed analysis, this really need to be fixed. @jan-kiszka I will send a patch to the maillist soon if no objections.

jan-kiszka commented 10 months ago

@amikan I would have used that as training for a potential new contributor :wink: - if @developerdong is interested.