<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le dim. 7 juin 2020 à 21:35, Norbert Lange <<a href="mailto:nolange79@gmail.com">nolange79@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Am So., 7. Juni 2020 um 13:40 Uhr schrieb Yann E. MORIN<br>
<<a href="mailto:yann.morin.1998@free.fr" target="_blank">yann.morin.1998@free.fr</a>>:<br>
><br>
> Nrobert, All,<br>
><br>
> On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:<br>
> > The feature DynamicUser creates users/groups without<br>
> > touching the /etc/{passwd,group} files on disk.<br>
> > Adding the dynamic resolver to /etc/nsswitch.conf<br>
> > ensures the Names are resolved consistently.<br>
> ><br>
> > Signed-off-by: Norbert Lange <<a href="mailto:nolange79@gmail.com" target="_blank">nolange79@gmail.com</a>><br>
> > ---<br>
> > package/systemd/<a href="http://systemd.mk" rel="noreferrer" target="_blank">systemd.mk</a> | 8 ++++++++<br>
> > 1 file changed, 8 insertions(+)<br>
> ><br>
> > diff --git a/package/systemd/<a href="http://systemd.mk" rel="noreferrer" target="_blank">systemd.mk</a> b/package/systemd/<a href="http://systemd.mk" rel="noreferrer" target="_blank">systemd.mk</a><br>
> > index 05b07cfd1b..a390cdd1a9 100644<br>
> > --- a/package/systemd/<a href="http://systemd.mk" rel="noreferrer" target="_blank">systemd.mk</a><br>
> > +++ b/package/systemd/<a href="http://systemd.mk" rel="noreferrer" target="_blank">systemd.mk</a><br>
> > @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK<br>
> > touch $(TARGET_DIR)/etc/machine-id<br>
> > endef<br>
> ><br>
> > +define SYSTEMD_ADD_NSSCONFIG_HOOK<br>
> > + grep >/dev/null '^passwd:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \<br>
><br>
> While this is valid sytx, we customarily put the redirection at the end<br>
> of the command.<br>
><br>
> However, in this case, you would want to use 'grep -q', as that does not<br>
> output anything.<br>
<br>
I will do if thats preferred, but I usually redirect because<br>
<br>
"Portable shell scripts should avoid both -q and -s and should<br>
redirect standard and error output to /dev/null instead."<br>
(<a href="https://www.gnu.org/software/grep/manual/html_node/General-Output-Control.html" rel="noreferrer" target="_blank">https://www.gnu.org/software/grep/manual/html_node/General-Output-Control.html</a>)<br>
<br>
><br>
> > + sed '/^passwd:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf<br>
><br>
> How can that even work? By default, sed will out put to stdout, not<br>
> replace in-place.<br>
<br>
Excellent point.<br>
<br>
><br>
> This clearly has not been tested (or git-commit --amend was forgotten).<br>
<br>
It's tested in a way, that I have the resulting file in the rootfs overlay ;)<br>
<br>
><br>
> In this case, you want to use $(SED) that includes the -i option to do<br>
> in-place modifications.<br>
><br>
> > + grep >/dev/null '^group:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \<br>
><br>
> Ditto grep -q.<br>
><br>
> > + sed '/^group:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf<br>
><br>
> Ditto $(SED).<br>
><br>
> Regards,<br>
> Yann E. MORIN.<br>
><br>
> > +endef<br>
> > +<br>
> > SYSTEMD_POST_INSTALL_TARGET_HOOKS += \<br>
> > + SYSTEMD_ADD_NSSCONFIG_HOOK \<br>
> > SYSTEMD_INSTALL_INIT_HOOK \<br>
> > SYSTEMD_INSTALL_MACHINEID_HOOK \<br>
> > SYSTEMD_INSTALL_RESOLVCONF_HOOK<br>
> > --<br>
> > 2.24.1<br>
> ><br>
><br>
> --<br>
> .-----------------.--------------------.------------------.--------------------.<br>
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |<br>
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |<br>
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |<br>
> | <a href="http://ymorin.is-a-geek.org/" rel="noreferrer" target="_blank">http://ymorin.is-a-geek.org/</a> | _/*\_ | / \ HTML MAIL | v conspiracy. |<br>
> '------------------------------^-------^------------------^--------------------'<br>
<br>
Come to think of it, systemd comes with 4 or so nss plugins, maybe<br>
it's a better approach<br>
to have a fully featured nsswitch.conf in the skeleton and then cut<br>
out the plugins that are NOT built?<br>
Or use the one from systemd (source: factory/etc/nsswitch.conf), after<br>
a sed 's,compat,files,g'<br>
<br>
<br>
<br>
Norbert<br>
_______________________________________________<br>
buildroot mailing list<br>
<a href="mailto:buildroot@busybox.net" target="_blank">buildroot@busybox.net</a><br>
<a href="http://lists.busybox.net/mailman/listinfo/buildroot" rel="noreferrer" target="_blank">http://lists.busybox.net/mailman/listinfo/buildroot</a><br>
</blockquote></div><br clear="all"><div>For the record : systemd's upstream nsswitch.conf</div><div><br></div><div># This file is part of systemd.<br><br>passwd: compat mymachines systemd<br>group: compat mymachines systemd<br>shadow: compat<br><br>hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname<br>networks: files<br><br>protocols: db files<br>services: db files<br>ethers: db files<br>rpc: db files<br><br>netgroup: nis<br></div><div><br></div><div><br></div><div>* mymachines add resolution for local (machinectl compatible) containers.</div><div> It also resolves UID/GID assigned to said-containers</div><div>* systemd adds UID/GID resolution for DynamicUser</div><div> DynamicUser allows a service to run with a dynamically determined UID,</div><div> thus simplifying configuration (no need for a line in /etc/passwd)</div><div><br></div><div>so independently of "how" I think it makes sense to always enable nss-systemd</div><div>and enable mymachines when systemd-nspawn is compiled in.</div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><table border="0" style="border-collapse:collapse;border-spacing:0px;color:rgb(51,51,51);font-family:Raleway,regular;font-size:14px;padding:20px"><tbody><tr><td style="padding:0px 30px 0px 0px;font-size:13px;color:rgb(255,128,84);text-align:center"><a href="http://www.smile.eu/" style="background-color:transparent;color:rgb(221,72,20)" target="_blank"><img src="http://ftp.smile.fr/client/Communication/signature/img/Logo-new.png" alt="SMILE" style="border: 0px; vertical-align: middle; max-width: 100%; height: auto;"> </a><br><br><p style="margin:0px 0px 10px">20 rue des Jardins<br>92600 Asnières-sur-Seine</p></td><td style="padding:0px 0px 0px 20px;border-left:1px solid rgb(59,127,254);font-size:13px;color:rgb(255,128,84)"><div style="font-size:14px"><b>Jérémy ROSEN</b></div><div style="color:rgb(59,127,254)">Architecte technique<br></div><br><div style="color:rgb(59,127,254)"><span style="white-space:nowrap"><img src="http://ftp.smile.fr/client/Communication/signature/img/mail.png" alt="email" width="12" height="10" style="border: 0px; vertical-align: middle; margin-right: 5px;"> <a href="mailto:jeremy.rosen@smile.fr" style="background-color:transparent;color:rgb(59,127,254)" target="_blank">jeremy.rosen@smile.fr</a> </span><br><span style="white-space:nowrap"><img src="http://ftp.smile.fr/client/Communication/signature/img/phone.png" alt="phone" width="10" height="10" style="border: 0px; vertical-align: middle; margin-right: 5px;"></span> +33 6 88 25 87 42 <br><span style="white-space:nowrap"><img src="http://ftp.smile.fr/client/Communication/signature/img/web.png" alt="url" width="12" height="12" style="border: 0px; vertical-align: middle; margin-right: 5px;"> <a href="http://www.smile.eu/" style="background-color:transparent;color:rgb(59,127,254)" target="_blank">http://www.smile.eu</a></span></div><br><div><span><a href="https://twitter.com/GroupeSmile" style="background-color:transparent;color:rgb(221,72,20);margin-right:5px" target="_blank"><img src="http://ftp.smile.fr/client/Communication/signature/img/rs-twitter.png" alt="Twitter" style="border: 0px; vertical-align: middle; max-width: 100%; height: auto;"></a></span> <span><a href="https://www.facebook.com/smileopensource" style="background-color:transparent;color:rgb(221,72,20);margin-right:5px" target="_blank"><img src="http://ftp.smile.fr/client/Communication/signature/img/rs-facebook.png" alt="Facebook" style="border: 0px; vertical-align: middle; max-width: 100%; height: auto;"></a></span> <span><a href="https://www.linkedin.com/company/smile" style="background-color:transparent;color:rgb(221,72,20);margin-right:5px" target="_blank"><img src="http://ftp.smile.fr/client/Communication/signature/img/rs-linkedin.png" alt="LinkedIn" style="border: 0px; vertical-align: middle; max-width: 100%; height: auto;"></a></span> <span><a href="https://github.com/Smile-SA" style="background-color:transparent;color:rgb(221,72,20);margin-right:5px" target="_blank"><img src="http://ftp.smile.fr/client/Communication/signature/img/rs-github.png" alt="Github" style="border: 0px; vertical-align: middle; max-width: 100%; height: auto;"></a></span></div></td></tr></tbody></table><br style="color:rgb(51,51,51);font-family:Raleway,regular;font-size:14px"><div style="color:rgb(51,51,51);font-family:Raleway,regular;font-size:14px"><a href="https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature" style="background-color:transparent;color:rgb(221,72,20)" target="_blank"><img src="https://signature.smile.eu/assets/img/bandeaux_signature_mail_yocto.gif.gif" alt="Découvrez l’univers Smile, rendez-vous sur smile.eu" border="0" style="border: 0px; vertical-align: middle;"></a></div></div></div></div></div></div>