[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution
Jérémy ROSEN
jeremy.rosen at smile.fr
Mon Jun 8 10:09:11 UTC 2020
Le dim. 7 juin 2020 à 21:35, Norbert Lange <nolange79 at gmail.com> a écrit :
> Am So., 7. Juni 2020 um 13:40 Uhr schrieb Yann E. MORIN
> <yann.morin.1998 at free.fr>:
> >
> > Nrobert, All,
> >
> > On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> > > The feature DynamicUser creates users/groups without
> > > touching the /etc/{passwd,group} files on disk.
> > > Adding the dynamic resolver to /etc/nsswitch.conf
> > > ensures the Names are resolved consistently.
> > >
> > > Signed-off-by: Norbert Lange <nolange79 at gmail.com>
> > > ---
> > > package/systemd/systemd.mk | 8 ++++++++
> > > 1 file changed, 8 insertions(+)
> > >
> > > diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> > > index 05b07cfd1b..a390cdd1a9 100644
> > > --- a/package/systemd/systemd.mk
> > > +++ b/package/systemd/systemd.mk
> > > @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
> > > touch $(TARGET_DIR)/etc/machine-id
> > > endef
> > >
> > > +define SYSTEMD_ADD_NSSCONFIG_HOOK
> > > + grep >/dev/null '^passwd:.*systemd'
> $(TARGET_DIR)/etc/nsswitch.conf || \
> >
> > While this is valid sytx, we customarily put the redirection at the end
> > of the command.
> >
> > However, in this case, you would want to use 'grep -q', as that does not
> > output anything.
>
> I will do if thats preferred, but I usually redirect because
>
> "Portable shell scripts should avoid both -q and -s and should
> redirect standard and error output to /dev/null instead."
> (
> https://www.gnu.org/software/grep/manual/html_node/General-Output-Control.html
> )
>
> >
> > > + sed '/^passwd:/ s/$$/ systemd/'
> $(TARGET_DIR)/etc/nsswitch.conf
> >
> > How can that even work? By default, sed will out put to stdout, not
> > replace in-place.
>
> Excellent point.
>
> >
> > This clearly has not been tested (or git-commit --amend was forgotten).
>
> It's tested in a way, that I have the resulting file in the rootfs overlay
> ;)
>
> >
> > In this case, you want to use $(SED) that includes the -i option to do
> > in-place modifications.
> >
> > > + grep >/dev/null '^group:.*systemd'
> $(TARGET_DIR)/etc/nsswitch.conf || \
> >
> > Ditto grep -q.
> >
> > > + sed '/^group:/ s/$$/ systemd/'
> $(TARGET_DIR)/etc/nsswitch.conf
> >
> > Ditto $(SED).
> >
> > Regards,
> > Yann E. MORIN.
> >
> > > +endef
> > > +
> > > SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
> > > + SYSTEMD_ADD_NSSCONFIG_HOOK \
> > > SYSTEMD_INSTALL_INIT_HOOK \
> > > SYSTEMD_INSTALL_MACHINEID_HOOK \
> > > SYSTEMD_INSTALL_RESOLVCONF_HOOK
> > > --
> > > 2.24.1
> > >
> >
> > --
> >
> .-----------------.--------------------.------------------.--------------------.
> > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics'
> conspiracy: |
> > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___
> |
> > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There
> is no |
> > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v
> conspiracy. |
> >
> '------------------------------^-------^------------------^--------------------'
>
> Come to think of it, systemd comes with 4 or so nss plugins, maybe
> it's a better approach
> to have a fully featured nsswitch.conf in the skeleton and then cut
> out the plugins that are NOT built?
> Or use the one from systemd (source: factory/etc/nsswitch.conf), after
> a sed 's,compat,files,g'
>
>
>
> Norbert
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>
For the record : systemd's upstream nsswitch.conf
# This file is part of systemd.
passwd: compat mymachines systemd
group: compat mymachines systemd
shadow: compat
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
* mymachines add resolution for local (machinectl compatible) containers.
It also resolves UID/GID assigned to said-containers
* systemd adds UID/GID resolution for DynamicUser
DynamicUser allows a service to run with a dynamically determined UID,
thus simplifying configuration (no need for a line in /etc/passwd)
so independently of "how" I think it makes sense to always enable
nss-systemd
and enable mymachines when systemd-nspawn is compiled in.
--
[image: SMILE] <http://www.smile.eu/>
20 rue des Jardins
92600 Asnières-sur-Seine
*Jérémy ROSEN*
Architecte technique
[image: email] jeremy.rosen at smile.fr
[image: phone] +33 6 88 25 87 42
[image: url] http://www.smile.eu
[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>
[image: Découvrez l’univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200608/eb84b6c0/attachment.html>
More information about the buildroot
mailing list