diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2023-03-15 11:35:40 +0200 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2023-03-30 13:59:28 +0300 |
commit | 009d1397331a89413e2c5eead163cadb47ccdb4b (patch) | |
tree | 4bfcaf38f4b1a0bb02abf2c2d42df66a543fcf6d /tests | |
parent | fc09ee9d60cce879e521ac522b24817de32b3611 (diff) | |
download | rpm-009d1397331a89413e2c5eead163cadb47ccdb4b.tar.gz |
Automatically create sysuser users and groups on install
Add a new built-in %sysusers scriptlet that executes before unpacking
files and creates any sysuser users and groups provided by this package.
This scriptlet gets called with the same arguments as %pre, and
sysusers.d(5) lines are fed into the stdin of the script (ie similar to
file triggers).
systemd-sysusers is the native solution, but compatibility with
non-systemd distros can be achieved by pointing %__systemd_sysusers to a
script that translates the sysusers.d(5) lines into adduser/addgroup
calls or similar.
Unlike all the other package-related scripts, this runs from the outside
of a possible chroot to have access to the user-creation utilities
from the start of the transaction even in case of initial installation.
Users and groups are never deleted, on purpose, as that would lead to
uid/gid reuse and consequently, data leak and general weirdness.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/atlocal.in | 2 | ||||
-rwxr-xr-x | tests/populate | 2 | ||||
-rw-r--r-- | tests/rpmi.at | 34 |
3 files changed, 37 insertions, 1 deletions
diff --git a/tests/atlocal.in b/tests/atlocal.in index 3559080bd..cb051570b 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -69,6 +69,8 @@ if mknod foodev c 123 123; then rm -f foodev else MKNOD_DISABLED=true + # not related to mknod but close enough for a "am I privileged" test + VERIFYOPTS="--nouser --nogroup" fi MALLOC_DEBUG=libc_malloc_debug.so.0 diff --git a/tests/populate b/tests/populate index cd965553c..87c0c7f4f 100755 --- a/tests/populate +++ b/tests/populate @@ -35,7 +35,7 @@ for cf in hosts resolv.conf passwd group mtab ; do [ -f /etc/${cf} ] && cp /etc/${cf} testing/etc/${cf} done touch testing/etc/{shadow,gshadow} -for prog in gzip cat cp patch tar sh bash ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod locale; do +for prog in gzip cat cp patch tar sh bash ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod locale systemd-sysusers; do p=`which ${prog}` if [ "${p}" != "" ]; then ln -s ${p} testing/${bindir}/ diff --git a/tests/rpmi.at b/tests/rpmi.at index 9cfc32187..747008493 100644 --- a/tests/rpmi.at +++ b/tests/rpmi.at @@ -1440,3 +1440,37 @@ deptest-test-obsoletes-1.0-1.noarch ], []) AT_CLEANUP + +AT_SETUP([rpm -i create user]) +AT_KEYWORDS([install]) +AT_CHECK([ +RPMDB_INIT + +runroot rpmbuild -bb --quiet --define "pkg user" --define "provs %{add_sysuser u myuser 876 - /home/myuser /bin/sh}"\ + /data/SPECS/deptest.spec +runroot rpm -U /build/RPMS/noarch/deptest-user-1.0-1.noarch.rpm 2> /dev/null +runroot_other tail -1 /etc/passwd +runroot rpm -V ${VERIFYOPTS} deptest-user +], +[0], +[myuser:x:876:876::/home/myuser:/bin/sh +], +[]) +AT_CLEANUP + +AT_SETUP([rpm -i create group]) +AT_KEYWORDS([install]) +AT_CHECK([ +RPMDB_INIT + +runroot rpmbuild -bb --quiet --define "pkg user" --define "provs %{add_sysuser g mygroup 678}"\ + /data/SPECS/deptest.spec +runroot rpm -i /build/RPMS/noarch/deptest-user-1.0-1.noarch.rpm 2> /dev/null +runroot_other tail -1 /etc/group +runroot rpm -V ${VERIFYOPTS} deptest-user +], +[0], +[mygroup:x:678: +], +[]) +AT_CLEANUP |