169 lines
5.4 KiB
Diff
169 lines
5.4 KiB
Diff
From 234706084d8203a22eb984b1ef3646a15f8a9a1b Mon Sep 17 00:00:00 2001
|
|
From: Florian Festi <ffesti@redhat.com>
|
|
Date: Mon, 18 Nov 2024 14:16:29 +0100
|
|
Subject: [PATCH] Support new u! command in sysusers files
|
|
|
|
systemd 257 defines a new modifier ! for u entries that locks the
|
|
account by setting it as expired.
|
|
|
|
See https://github.com/systemd/systemd/commit/2ec7977e1b100c1717d95417e6d825fbf939f7b3
|
|
|
|
Resolves: #3450
|
|
---
|
|
docs/manual/users_and_groups.md | 8 ++++----
|
|
macros.in | 2 +-
|
|
scripts/sysusers.sh | 21 ++++++++++++++++-----
|
|
tests/data/SPECS/klang.spec | 2 +-
|
|
tests/rpmi.at | 8 ++++++--
|
|
5 files changed, 28 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/docs/manual/users_and_groups.md b/docs/manual/users_and_groups.md
|
|
index 3950b594b5..aee103f1c2 100644
|
|
--- a/docs/manual/users_and_groups.md
|
|
+++ b/docs/manual/users_and_groups.md
|
|
@@ -41,10 +41,10 @@ to weaken these into recommends-dependencies by setting
|
|
|
|
## Limitations
|
|
|
|
-At this time, rpm only supports the `u`, `g` and (since RPM 4.20) `m`
|
|
-directives of sysusers.d format and ignores others. If other
|
|
-directives are needed, the package will need to call systemd-sysusers
|
|
-with the correct arguments manually.
|
|
+At this time, rpm only supports the `u`, `g`, (since RPM 4.20) `m`
|
|
+and (since RPM 6.0) the `u!` directives of sysusers.d format and
|
|
+ignores others. If other directives are needed, the package will need
|
|
+to call systemd-sysusers with the correct arguments manually.
|
|
|
|
## Technical details
|
|
|
|
diff --git a/macros.in b/macros.in
|
|
index cb07970e13..00c9d07715 100644
|
|
--- a/macros.in
|
|
+++ b/macros.in
|
|
@@ -1367,7 +1367,7 @@ end
|
|
name = arg[2]
|
|
if arg[1] == 'g' then
|
|
type = 'group'
|
|
- elseif arg[1] == 'u' then
|
|
+ elseif arg[1] == 'u' or arg[1] == 'u!' then
|
|
type = 'user'
|
|
elseif arg[1] == 'm' and #arg >=3 then
|
|
type = 'groupmember'
|
|
diff --git a/scripts/sysusers.sh b/scripts/sysusers.sh
|
|
index 22ae5f23e6..d945b281bd 100755
|
|
--- a/scripts/sysusers.sh
|
|
+++ b/scripts/sysusers.sh
|
|
@@ -72,6 +72,7 @@ user() {
|
|
local group="$4"
|
|
local home="$5"
|
|
local shell="$6"
|
|
+ local expire="$7"
|
|
|
|
[ "$desc" = '-' ] && desc=
|
|
{ [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/
|
|
@@ -90,6 +91,10 @@ user() {
|
|
fi
|
|
fi
|
|
fi
|
|
+
|
|
+ if [[ $expire ]]; then
|
|
+ usermod -e 1 "${user}"
|
|
+ fi
|
|
}
|
|
|
|
group() {
|
|
@@ -109,13 +114,13 @@ addtogroup() {
|
|
local group="$2"
|
|
|
|
group "${group}" "-"
|
|
- user "${user}" "-" "" "${group}" "" ""
|
|
+ user "${user}" "-" "" "${group}" "" "" ""
|
|
|
|
usermod -R "$ROOT" -a -G "${group}" "$user" || :
|
|
}
|
|
|
|
parse() {
|
|
- local line arr
|
|
+ local line arr expire
|
|
|
|
while read -r line || [ -n "$line" ] ; do
|
|
{ [ "${line:0:1}" = '#' ] || [ "${line:0:1}" = ';' ]; } && continue
|
|
@@ -123,13 +128,19 @@ parse() {
|
|
[ -z "$line" ] && continue
|
|
mapfile -t arr < <(xargs -n1 <<<"$line")
|
|
|
|
+ expire=""
|
|
+
|
|
case "${arr[0]}" in
|
|
- ('u')
|
|
+ ('u' | 'u!')
|
|
+ if [[ "${arr[0]}" == 'u!' ]]; then
|
|
+ expire="1";
|
|
+ fi
|
|
+
|
|
if [[ "${arr[2]}" == *":"* ]]; then
|
|
- user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}"
|
|
+ user "${arr[1]}" "${arr[2]%:*}" "${arr[3]}" "${arr[2]#*:}" "${arr[4]}" "${arr[5]}" $expire
|
|
else
|
|
group "${arr[1]}" "${arr[2]}"
|
|
- user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
|
|
+ user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}" $expire
|
|
fi
|
|
;;
|
|
('g')
|
|
diff --git a/tests/data/SPECS/klang.spec b/tests/data/SPECS/klang.spec
|
|
index cc35b87bd4..6d71de6ea0 100644
|
|
--- a/tests/data/SPECS/klang.spec
|
|
+++ b/tests/data/SPECS/klang.spec
|
|
@@ -47,7 +47,7 @@ EOF
|
|
cat << EOF > ${RPM_BUILD_ROOT}/%{_sysusersdir}/plong.conf
|
|
|
|
# Real life files have all sorts of anomalies
|
|
-u plong - "Plong fu" /var/lib/plong /sbin/nologin
|
|
+u! plong - "Plong fu" /var/lib/plong /sbin/nologin
|
|
#...such as empty lines
|
|
|
|
# and comments comments
|
|
diff --git a/tests/rpmi.at b/tests/rpmi.at
|
|
index 7ea6a75207..6c7b84cdfe 100644
|
|
--- a/tests/rpmi.at
|
|
+++ b/tests/rpmi.at
|
|
@@ -1589,7 +1589,7 @@ group(klong) = ZyBrbG9uZyAt
|
|
group(plong)
|
|
groupmember(klangd/klong) = bSBrbGFuZ2Qga2xvbmcA
|
|
user(klangd) = dSBrbGFuZ2QgLSAiS2xhbmcgc2VydmVyIiAvdmFyL2xpYi9rbGFuZ2QgL3NiaW4vbm9sb2dpbgAA
|
|
-user(plong) = dSBwbG9uZyAtICJQbG9uZyBmdSIgL3Zhci9saWIvcGxvbmcgL3NiaW4vbm9sb2dpbgAA
|
|
+user(plong) = dSEgcGxvbmcgLSAiUGxvbmcgZnUiIC92YXIvbGliL3Bsb25nIC9zYmluL25vbG9naW4A
|
|
],
|
|
[warning: ignoring unsupported sysuser type: r
|
|
])
|
|
@@ -1618,7 +1618,7 @@ group(klong) = ZyBrbG9uZyAt
|
|
group(plong)
|
|
groupmember(klangd/klong) = bSBrbGFuZ2Qga2xvbmcA
|
|
user(klangd) = dSBrbGFuZ2QgLSAiS2xhbmcgc2VydmVyIiAvdmFyL2xpYi9rbGFuZ2QgL3NiaW4vbm9sb2dpbgAA
|
|
-user(plong) = dSBwbG9uZyAtICJQbG9uZyBmdSIgL3Zhci9saWIvcGxvbmcgL3NiaW4vbm9sb2dpbgAA
|
|
+user(plong) = dSEgcGxvbmcgLSAiUGxvbmcgZnUiIC92YXIvbGliL3Bsb25nIC9zYmluL25vbG9naW4A
|
|
],
|
|
[warning: ignoring unsupported sysuser type: r
|
|
])
|
|
@@ -1660,15 +1660,19 @@ runroot rpm -V ${VERIFYOPTS} klang-client klang-common
|
|
RPMTEST_CHECK([
|
|
runroot rpm -U /build/RPMS/noarch/klang-server-1.0-1.noarch.rpm
|
|
runroot_other grep ^klangd /etc/passwd | cut -f1 -d:
|
|
+runroot_other chage -l klangd | grep "Account expires" | cut -f2 -d:
|
|
runroot_other grep ^klangd /etc/group | cut -f1 -d:
|
|
runroot_other grep ^plong /etc/passwd | cut -f1 -d:
|
|
+runroot_other chage -l plong | grep "Account expires" | cut -f2 -d:
|
|
runroot_other grep ^klong /etc/group | cut -f4 -d:
|
|
runroot rpm -V ${VERIFYOPTS} klang-server
|
|
],
|
|
[0],
|
|
[klangd
|
|
+ never
|
|
klangd
|
|
plong
|
|
+ Jan 02, 1970
|
|
klangd
|
|
],
|
|
[ignore])
|