From: Maik Vermeulen <maik@quatt.io>
To: yocto@lists.yoctoproject.org
Subject: EXTRA_USERS_PARAMS and recipe file ownership
Date: Fri, 19 Apr 2024 16:29:28 +0200 [thread overview]
Message-ID: <CALEqzqcC1PrqzEuQRe3W-6z75QgcpN9jBAaoseOGKEyGFZQsXA@mail.gmail.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1788 bytes --]
Hi,
I'm wondering what the best practice is for centrally creating and
configuring users and groups, and then having certain recipes installing
files with ownership according to those users and groups.
So far we've used EXTRA_USERS_PARAMS to create a bunch of users and groups,
to segregate their responsibilities and rights/permissions as well as we
can.
We used to use a pkg_postinst_ontarget() in the recipes to set their file
permissions correctly, because the users and groups created by the
extrausers.bbclass weren't available during e.g. the recipe's do_install
yet.
Now we're moving towards using read-only-rootfs, so we can't use
pkg_postinst_ontarget() for these files anymore. I tried using
pkg_postinst, but the chown command fails because apparently pkg_postinst
is executed before the extrausers.bbclass creates the users and groups.
ROOTFS_POSTPROCESS_COMMAND also doesn't seem to help, as it only works from
image recipes.
I've also tried using the useradd.bbclass in the recipes, which allows us
to set permissions from within the do_install task, but that started
causing trouble when we tried to start using useradd-staticids, which we
need to keep compatibility between software versions using the same files
from a persistent partition. The useradd.bbclass in combination with the
central extrausers.bbclass and useradd-staticids.bbclass is messy and
hasn't resulted in a working build yet, with recipes complaining certain
groups e.g. aren't available yet.
I'm sure some of you have come up with neat and simple solutions, could you
bright minds perhaps share your best practices to solve our issue?
Thanks,
Kind regards,
--
*Maik Vermeulen*
*Embedded Software Engineer*
[image: 2.png]
*maik@quatt.io <vivian@quatt.io> *
*quatt.io <http://www.quatt.io/>*
[-- Attachment #1.2: Type: text/html, Size: 3031 bytes --]
[-- Attachment #2: 2.png --]
[-- Type: image/png, Size: 31010 bytes --]
next reply other threads:[~2024-04-19 14:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 14:29 Maik Vermeulen [this message]
2024-04-19 15:44 ` [yocto] EXTRA_USERS_PARAMS and recipe file ownership Chuck Wolber
2024-04-22 8:33 ` Maik Vermeulen
[not found] ` <17C88D1A5A183672.10861@lists.yoctoproject.org>
2024-04-22 9:08 ` Maik Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALEqzqcC1PrqzEuQRe3W-6z75QgcpN9jBAaoseOGKEyGFZQsXA@mail.gmail.com \
--to=maik@quatt.io \
--cc=yocto@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).