Skip to content

Commit 3034dc0

Browse files
HuijingHeiHuijingHei
committed
passwd.rs: add condition when adding passwd/group 
1 parent 1fd0c14 commit 3034dc0

File tree

2 files changed

+11
-5
lines changed

2 files changed

+11
-5
lines changed

docs/treefile.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,6 @@ It supports the following parameters:
3737
no SELinux labeling will be performed on the server side.
3838

3939
* `sysusers`: boolean, optional: Defaults to `false`.
40-
Enable generation of systemd `sysusers.d` entries.
4140
If `true`, this turns off `altfiles` and disables the `passwd` / `group`
4241
files migration to `/usr/lib`.
4342

rust/src/passwd.rs

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -614,6 +614,7 @@ fn complete_pwgrp(rootfs: &Dir) -> Result<()> {
614614
/// This is a pre-commit validation hook which ensures that the upcoming
615615
/// users/groups entries are somehow sane. See treefile `check-passwd` and
616616
/// `check-groups` fields for a description of available validation knobs.
617+
#[context("Validate users/groups refer to treefile check-passwd/check-groups configuration")]
617618
pub fn check_passwd_group_entries(
618619
ffi_repo: &crate::ffi::OstreeRepo,
619620
rootfs_dfd: i32,
@@ -630,8 +631,12 @@ pub fn check_passwd_group_entries(
630631

631632
// Parse entries in the upcoming commit content.
632633
let mut new_entities = PasswdEntries::default();
633-
new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
634-
new_entities.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
634+
new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/etc/passwd")?;
635+
new_entities.add_group_content(rootfs.as_raw_fd(), "usr/etc/group")?;
636+
if has_usrlib_passwd(&rootfs)? {
637+
new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
638+
new_entities.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
639+
}
635640

636641
// Fetch entries from treefile and previous commit, according to config.
637642
// These are used as ground-truth by the validation steps below.
@@ -679,9 +684,11 @@ impl PasswdDB {
679684
pub(crate) fn populate_new(rootfs: &Dir) -> Result<Self> {
680685
let mut db = Self::default();
681686
db.add_passwd_content(rootfs.as_raw_fd(), "usr/etc/passwd")?;
682-
db.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
683687
db.add_group_content(rootfs.as_raw_fd(), "usr/etc/group")?;
684-
db.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
688+
if has_usrlib_passwd(&rootfs)? {
689+
db.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
690+
db.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
691+
}
685692
Ok(db)
686693
}
687694

0 commit comments

Comments
 (0)