base-passwd/useradd: Various improvements to useradd with RSS

Currently there are multiple issues with useradd:

* If base-passwd rebuilds, it wipes out recipe specific user/group additions
  to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
  users/groups A adds.

This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.

The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.

There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.

We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.

We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.

Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.

[Yocto #11124]

(From OE-Core rev: 1b5afaf437f7a1107d4edca8eeb668b9618a5488)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/classes/sstate.bbclass

@@ -31,7 +31,7 @@ SSTATE_DUPWHITELIST += "${STAGING_ETCDIR_NATIVE}/sgml ${STAGING_DATADIR_NATIVE}/
 # Archive the sources for many architectures in one deploy folder
 SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}"
 
-SSTATE_SCAN_FILES ?= "*.la *-config *_config"
+SSTATE_SCAN_FILES ?= "*.la *-config *_config postinst-*"
 SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f'
 SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} ${SSTATE_BUILDDIR}'
 

meta/classes/useradd.bbclass

@@ -106,6 +106,21 @@ useradd_sysroot () {
 	# before do_prepare_recipe_sysroot
 	D=${STAGING_DIR_TARGET}
 
+	# base-passwd's postinst may not have run yet in which case we'll get called later, just exit.
+	# Beware that in some cases we might see the fake pseudo passwd here, in which case we also must
+	# exit.
+	if [ ! -f $D${sysconfdir}/passwd ] ||
+			grep -q this-is-the-pseudo-passwd $D${sysconfdir}/passwd; then
+		exit 0
+	fi
+
+	# It is also possible we may be in a recipe which doesn't have useradd dependencies and hence the
+	# useradd/groupadd tools are unavailable. If there is no dependency, we assume we don't want to
+	# create users in the sysroot
+	if ! command -v useradd; then
+		exit 0
+	fi
+
 	# Add groups and users defined for all recipe packages
 	GROUPADD_PARAM="${@get_all_cmd_params(d, 'groupadd')}"
 	USERADD_PARAM="${@get_all_cmd_params(d, 'useradd')}"
@@ -122,6 +137,7 @@ python useradd_sysroot_sstate () {
     if task == "package_setscene":
         bb.build.exec_func("useradd_sysroot", d)
     elif task == "prepare_recipe_sysroot":
+        # Used to update this recipe's own sysroot so the user/groups are available to do_install
         scriptfile = d.expand("${RECIPE_SYSROOT}${bindir}/postinst-useradd-${PN}")
         bb.utils.mkdirhier(os.path.dirname(scriptfile))
         with open(scriptfile, 'w') as script:
@@ -130,12 +146,23 @@ python useradd_sysroot_sstate () {
             script.write("useradd_sysroot\n")
         os.chmod(scriptfile, 0o755)
         bb.build.exec_func("useradd_sysroot", d)
+    elif task == "populate_sysroot":
+        # Used when installed in dependent task sysroots
+        scriptfile = d.expand("${SYSROOT_DESTDIR}${bindir}/postinst-useradd-${PN}")
+        bb.utils.mkdirhier(os.path.dirname(scriptfile))
+        with open(scriptfile, 'w') as script:
+            script.write("#!/bin/sh\n")
+            bb.data.emit_func("useradd_sysroot", script, d)
+            script.write("useradd_sysroot\n")
+        os.chmod(scriptfile, 0o755)
 }
 
 do_prepare_recipe_sysroot[postfuncs] += "${SYSROOTFUNC}"
 SYSROOTFUNC_class-target = "useradd_sysroot_sstate"
 SYSROOTFUNC = ""
 
+SYSROOT_PREPROCESS_FUNCS += "${SYSROOTFUNC}"
+
 SSTATEPREINSTFUNCS_append_class-target = " useradd_sysroot_sstate"
 
 do_package_setscene[depends] += "${USERADDSETSCENEDEPS}"

meta/recipes-core/base-passwd/base-passwd_3.5.29.bb

@@ -43,16 +43,32 @@ do_install () {
 	install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPN}/
 }
 
+basepasswd_sysroot_postinst() {
+#!/bin/sh
+
+# Install passwd.master and group.master to sysconfdir
+install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
+for i in passwd group; do
+	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
+		${STAGING_DIR_TARGET}${sysconfdir}/\$i
+done
+
+# Run any useradd postinsts
+for script in ${STAGING_DIR_TARGET}${bindir}/postinst-useradd-*; do
+	if [ -f \$script ]; then
+		\$script
+	fi
+done
+}
+
 SYSROOT_DIRS += "${sysconfdir}"
 SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot"
 
 base_passwd_tweaksysroot () {
-	# Install passwd.master and group.master to sysconfdir
-	install -d -m 755 ${SYSROOT_DESTDIR}${sysconfdir}
-	for i in passwd group; do
-		install -p -m 644 ${SYSROOT_DESTDIR}${datadir}/base-passwd/$i.master \
-			${SYSROOT_DESTDIR}${sysconfdir}/$i
-	done
+	mkdir -p ${SYSROOT_DESTDIR}${bindir}
+	dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN}
+	echo "${basepasswd_sysroot_postinst}" > $dest
+	chmod 0755 $dest
 }
 
 python populate_packages_prepend() {

meta/recipes-devtools/pseudo/files/fallback-passwd

@@ -1,2 +1,3 @@
 root::0:0:root:/home/root:/bin/sh
+pseudopasswd:*:1:1:this-is-the-pseudo-passwd:/nonexistent:/bin/sh
 nobody:*:65534:65534:nobody:/nonexistent:/bin/sh