From 009d1397331a89413e2c5eead163cadb47ccdb4b Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Wed, 15 Mar 2023 11:35:40 +0200
Subject: Automatically create sysuser users and groups on install

Add a new built-in %sysusers scriptlet that executes before unpacking files and creates any sysuser users and groups provided by this package. This scriptlet gets called with the same arguments as %pre, and sysusers.d(5) lines are fed into the stdin of the script (ie similar to file triggers). systemd-sysusers is the native solution, but compatibility with non-systemd distros can be achieved by pointing %__systemd_sysusers to a script that translates the sysusers.d(5) lines into adduser/addgroup calls or similar. Unlike all the other package-related scripts, this runs from the outside of a possible chroot to have access to the user-creation utilities from the start of the transaction even in case of initial installation. Users and groups are never deleted, on purpose, as that would lead to uid/gid reuse and consequently, data leak and general weirdness.
---
 tests/atlocal.in | 2 ++
 tests/populate | 2 +-
 tests/rpmi.at | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)
(limited to 'tests')
diff --git a/tests/atlocal.in b/tests/atlocal.in
index 3559080bd..cb051570b 100644
--- a/tests/atlocal.in
+++ b/tests/atlocal.in
@@ -69,6 +69,8 @@ if mknod foodev c 123 123; then
 rm -f foodev
 else
 MKNOD_DISABLED=true
+ # not related to mknod but close enough for a "am I privileged" test
+ VERIFYOPTS="--nouser --nogroup"
 fi
 MALLOC_DEBUG=libc_malloc_debug.so.0
diff --git a/tests/populate b/tests/populate
index cd965553c..87c0c7f4f 100755
--- a/tests/populate
+++ b/tests/populate
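Review bot: In tests/atlocal.in, `VERIFYOPTS` is assigned only in the `else` branch of the mknod probe, so on a privileged run it keeps whatever value the caller's environment happens to export, and the new tests in tests/rpmi.at expand it unquoted on their `rpm -V` lines. Setting `VERIFYOPTS=` before the `if` (which begins above this hunk) would make the privileged path deterministic. The added comment explains why mknod is used as the probe but not what the options are for; something like `# skip owner/group verification when unprivileged` next to the assignment would make clear that unprivileged runs do not verify file ownership at all.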
@@ -35,7 +35,7 @@ for cf in hosts resolv.conf passwd group mtab ; do
 [ -f /etc/${cf} ] && cp /etc/${cf} testing/etc/${cf}
 done
 touch testing/etc/{shadow,gshadow}
-for prog in gzip cat cp patch tar sh bash ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod locale; do
+for prog in gzip cat cp patch tar sh bash ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch install wc coreutils xargs mknod locale systemd-sysusers; do
 p=`which ${prog}`
 if [ "${p}" != "" ]; then
 ln -s ${p} testing/${bindir}/
diff --git a/tests/rpmi.at b/tests/rpmi.at
index 9cfc32187..747008493 100644
--- a/tests/rpmi.at
+++ b/tests/rpmi.at
@@ -1440,3 +1440,37 @@ deptest-test-obsoletes-1.0-1.noarch
 ],
 [])
 AT_CLEANUP
+
+AT_SETUP([rpm -i create user])
+AT_KEYWORDS([install])
+AT_CHECK([
+RPMDB_INIT
+
+runroot rpmbuild -bb --quiet --define "pkg user" --define "provs %{add_sysuser u myuser 876 - /home/myuser /bin/sh}"\
+ /data/SPECS/deptest.spec
+runroot rpm -U /build/RPMS/noarch/deptest-user-1.0-1.noarch.rpm 2> /dev/null
+runroot_other tail -1 /etc/passwd
+runroot rpm -V ${VERIFYOPTS} deptest-user
+],
+[0],
+[myuser:x:876:876::/home/myuser:/bin/sh
+],
+[])
+AT_CLEANUP
+
+AT_SETUP([rpm -i create group])
+AT_KEYWORDS([install])
+AT_CHECK([
+RPMDB_INIT
+
+runroot rpmbuild -bb --quiet --define "pkg user" --define "provs %{add_sysuser g mygroup 678}"\
+ /data/SPECS/deptest.spec
+runroot rpm -i /build/RPMS/noarch/deptest-user-1.0-1.noarch.rpm 2> /dev/null
+runroot_other tail -1 /etc/group
+runroot rpm -V ${VERIFYOPTS} deptest-user
+],
+[0],
+[mygroup:x:678:
+],
+[])
+AT_CLEANUP
--
cgit v1.2.1
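Review bot: In tests/populate, `systemd-sysusers` joins a list whose loop silently skips any program that `which` does not find (`if [ "${p}" != "" ]`), yet the two tests added to tests/rpmi.at in this commit appear to need the helper inside the test root. On a host without it the symlink is simply not created, and the problem only surfaces later as a mismatch in the test output. An `AT_SKIP_IF` guard on the two new tests that checks for the helper in the test root, or a warning on stderr here when it is absent, would make the missing prerequisite explicit. The loop body continues past the end of this hunk.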
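Review bot: In tests/rpmi.at, both new tests send rpm's stderr to /dev/null on the install line (`runroot rpm -U ... 2> /dev/null` and `runroot rpm -i ... 2> /dev/null`), so a failing or missing sysusers helper shows up only as a mismatch in the `tail -1` output, with no diagnostic in the test log. Dropping the redirect, or narrowing it to the specific noise it is meant to hide, would keep scriptlet errors visible. `tail -1 /etc/passwd` and `tail -1 /etc/group` also assume the new entry is the last line; `runroot_other grep '^myuser:' /etc/passwd` and `runroot_other grep '^mygroup:' /etc/group` would pin the entry without depending on file order. The commit message says users and groups are deliberately never removed, to avoid uid/gid reuse, but neither test erases the package and checks that the entry survives; a `runroot rpm -e deptest-user` followed by the same grep would cover that property.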