WIP: compose: Add experimental/sysusers option
First, we add support for a new `experimental:` key.  Then
there's a new `sysusers` key underneath that.

When enabled, we drop all of the other previous passwd handling.
In practice the only one that was used was having static files.
That is a pain to maintain.

However, we need to statically assign non-zero uid/gid for any
files that come from a base ostree commit.  Anything else
would mean the user/groups could be unpredictably assigned in different
rpm-ostree runs.

This code now checks for and errors out on that.

In order to convert *fully* to sysusers, we install an interceptor for
`useradd/groupadd` that talks back via a pipe to the compose process.
These invocations then get translated to drop into a new
`sysusers.d/rpmostree-auto.conf` file.

This way we don't need to require that every RPM have ported to
sysusers.d.

At the end, we drop everything in `/etc/passwd` and `/etc/group`
except for the `root:` entries, relying on `systemd-sysusers` to
readd everything at boot time.

Closes: #49
cgwalters committed Mar 8, 2019
1 parent 6b928e8 commit 9863d8e
Showing 17 changed files with 1,273 additions and 72 deletions.
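
The translation step the commit message describes, from an intercepted `useradd` invocation to `sysusers.d` lines, as an added example that is not code from this commit. The function names, the supported option subset and the sample arguments are assumptions; values are validated because scriptlet-supplied arguments end up in a line-oriented config file.

```rust
// Added illustration; names and the supported option subset are assumptions, not rpm-ostree code.
fn value<'a>(it: &mut impl Iterator<Item = &'a str>, opt: &str) -> Result<&'a str, String> {
    it.next().ok_or_else(|| format!("{} needs a value", opt))
}
// User and group names: [a-z_] first, then [a-z0-9_-].
fn valid_name(n: &str) -> bool {
    let mut c = n.chars();
    matches!(c.next(), Some('a'..='z') | Some('_'))
        && c.all(|ch| ch.is_ascii_lowercase() || ch.is_ascii_digit() || ch == '_' || ch == '-')
}
// Line-oriented output: no control chars or quotes; no whitespace in unquoted columns.
fn clean(f: &str, quoted: bool) -> bool {
    !f.chars().any(|c| c.is_control() || c == '"' || (!quoted && c.is_whitespace()))
}

/// Translate one intercepted `useradd` argv (argv[0] removed) into sysusers.d lines.
pub fn useradd_to_sysusers(args: &[&str]) -> Result<Vec<String>, String> {
    let (mut uid, mut gecos, mut home, mut shell) = ("-", "", "-", "-");
    let mut name: Option<&str> = None;
    let mut groups: Vec<&str> = Vec::new();
    let mut it = args.iter().copied();
    while let Some(arg) = it.next() {
        match arg {
            "-r" | "--system" | "-M" | "--no-create-home" => {} // nothing to emit
            "-u" | "--uid" => uid = value(&mut it, arg)?,
            "-c" | "--comment" => gecos = value(&mut it, arg)?,
            "-d" | "--home-dir" => home = value(&mut it, arg)?,
            "-s" | "--shell" => shell = value(&mut it, arg)?,
            "-G" | "--groups" => groups.extend(value(&mut it, arg)?.split(',')),
            o if o.starts_with('-') => return Err(format!("unsupported option {}", o)),
            n if name.is_none() => name = Some(n),
            n => return Err(format!("unexpected argument {}", n)),
        }
    }
    let name = name.filter(|n| valid_name(n)).ok_or("missing or invalid user name")?;
    let uid_ok = uid == "-" || (!uid.is_empty() && uid.bytes().all(|b| b.is_ascii_digit()));
    let cols_ok = [home, shell].iter().all(|f| !f.is_empty() && clean(f, false));
    if !uid_ok || !cols_ok || !clean(gecos, true) || !groups.iter().all(|g| valid_name(g)) {
        return Err(format!("rejected useradd arguments for {}", name));
    }
    let gecos = if gecos.is_empty() { "-".to_string() } else { format!("\"{}\"", gecos) };
    let mut out = vec![format!("u {} {} {} {} {}", name, uid, gecos, home, shell)];
    out.extend(groups.iter().map(|g| format!("m {} {}", name, g)));
    Ok(out)
}
fn main() {
    // Constructed sample invocation.
    println!("{:?}", useradd_to_sysusers(&["-r", "-u", "990", "-d", "/var/lib/exampled", "exampled"]));
}
```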
4 changes: 4 additions & 0 deletions docs/manual/treefile.md
Expand Up @@ -253,3 +253,7 @@ version of `rpm-ostree`.

* `rojig`: Object, optional. Sub-keys are `name`, `summary`, `license`,
and `description`. Of those, `name` and `license` are mandatory.

* `sysusers`: boolean, optional: Defaults to `false`. Enable generation of
systemd sysusers.d entries based on `useradd` invocations. If enabled,
this overrides `preserve-passwd`. It also obsoletes `check-passwd`.
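
Review bot: the new `sysusers` bullet at the end of this hunk does not say where the key lives. The commit message places it under a new `experimental:` key, but the entry is listed at the same level as `rojig` with no mention of `experimental`, so a reader would set it at the top level of the treefile. State the nesting explicitly. The entry should also document the effects the commit message describes and that "generation of systemd sysusers.d entries" does not convey: `/etc/passwd` and `/etc/group` are reduced to the `root:` entries, and files that come from a base ostree commit need statically assigned uid/gid or the compose errors out. Finally, "obsoletes `check-passwd`" leaves open whether `check-passwd` is silently ignored or rejected when both are set; say which.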
2 changes: 2 additions & 0 deletions rust/src/lib.rs
Expand Up @@ -51,3 +51,5 @@ pub use journal::*;
mod utils;
pub use utils::*;
mod openat_utils;
mod sysusers;
pub use sysusers::*;
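
Review bot: `pub use sysusers::*;` on the last line glob-exports every public item of a module that the commit title marks as WIP and the message calls experimental, whereas `openat_utils` on the line above is declared without a re-export. This follows the `pub use utils::*;` pattern, but for a module that rewrites passwd/group handling it would be safer to re-export by name only the items that need to be public, so internal helpers of the experimental path do not become part of the crate's surface by accident.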