sysusers: Delete altfiles for passwd: and group: entries

Author: HuijingHei

rpmostree-cxxrs.cxx

@@ -2165,7 +2165,8 @@ extern "C"
                                                   ::rpmostreecxx::Treefile &treefile) noexcept;
 
   ::rust::repr::PtrLen
-  rpmostreecxx$cxxbridge1$composepost_nsswitch_altfiles (::std::int32_t rootfs_dfd) noexcept;
+  rpmostreecxx$cxxbridge1$composepost_nsswitch_altfiles (::std::int32_t rootfs_dfd,
+                                                         bool sysusers) noexcept;
 
   ::rust::repr::PtrLen rpmostreecxx$cxxbridge1$compose_postprocess (
       ::std::int32_t rootfs_dfd, ::rpmostreecxx::Treefile &treefile, ::rust::Str next_version,
@@ -3945,9 +3946,10 @@ compose_prepare_rootfs (::std::int32_t src_rootfs_dfd, ::std::int32_t dest_rootf
 }
 
 void
-composepost_nsswitch_altfiles (::std::int32_t rootfs_dfd)
+composepost_nsswitch_altfiles (::std::int32_t rootfs_dfd, bool sysusers)
 {
-  ::rust::repr::PtrLen error$ = rpmostreecxx$cxxbridge1$composepost_nsswitch_altfiles (rootfs_dfd);
+  ::rust::repr::PtrLen error$
+      = rpmostreecxx$cxxbridge1$composepost_nsswitch_altfiles (rootfs_dfd, sysusers);
   if (error$.ptr)
     {
       throw ::rust::impl< ::rust::Error>::error (error$);

rpmostree-cxxrs.h

@@ -1837,7 +1837,7 @@ void configure_build_repo_from_target (::rpmostreecxx::OstreeRepo const &build_r
 void compose_prepare_rootfs (::std::int32_t src_rootfs_dfd, ::std::int32_t dest_rootfs_dfd,
                              ::rpmostreecxx::Treefile &treefile);
 
-void composepost_nsswitch_altfiles (::std::int32_t rootfs_dfd);
+void composepost_nsswitch_altfiles (::std::int32_t rootfs_dfd, bool sysusers);
 
 void compose_postprocess (::std::int32_t rootfs_dfd, ::rpmostreecxx::Treefile &treefile,
                           ::rust::Str next_version, bool unified_core);

rust/src/composepost.rs

@@ -640,7 +640,36 @@ fn strip_any_prefix<'a, 'b>(s: &'a str, prefixes: &[&'b str]) -> Option<(&'b str
         .find_map(|&p| s.strip_prefix(p).map(|r| (p, r)))
 }
 
+#[context("Delete altfiles for passwd and group entries")]
+fn del_altfiles(buf: &str) -> Result<String> {
+    let mut r = String::with_capacity(buf.len());
+    for line in buf.lines() {
+        let parts = if let Some(p) = strip_any_prefix(line, &["passwd:", "group:"]) {
+            p
+        } else {
+            r.push_str(line);
+            r.push('\n');
+            continue;
+        };
+        let (prefix, rest) = parts;
+        r.push_str(prefix);
+
+        for elt in rest.split_whitespace() {
+            if elt == "altfiles" {
+                // skip altfiles
+                continue;
+            } else {
+                r.push(' ');
+                r.push_str(elt);
+            }
+        }
+        r.push('\n');
+    }
+    Ok(r)
+}
+
 /// Inject `altfiles` after `files` for `passwd:` and `group:` entries.
+#[allow(dead_code)]
 fn add_altfiles(buf: &str) -> Result<String> {
     let mut r = String::with_capacity(buf.len());
     for line in buf.lines() {
@@ -677,20 +706,33 @@ fn add_altfiles(buf: &str) -> Result<String> {
     Ok(r)
 }
 
-/// Add `altfiles` entries to `nsswitch.conf`.
+/// Add or delete `altfiles` entries to `nsswitch.conf`.
 ///
-/// rpm-ostree currently depends on `altfiles`
-#[context("Adding altfiles to /etc/nsswitch.conf")]
-pub fn composepost_nsswitch_altfiles(rootfs_dfd: i32) -> CxxResult<()> {
+/// rpm-ostree currently depends on `altfiles`, should remove it when
+/// transfer to systemd-sysusers.
+#[context("Adding / deleting altfiles to /etc/nsswitch.conf")]
+pub fn composepost_nsswitch_altfiles(rootfs_dfd: i32, sysusers: bool) -> CxxResult<()> {
     let rootfs_dfd = unsafe { &crate::ffiutil::ffi_dirfd(rootfs_dfd)? };
     let path = "usr/etc/nsswitch.conf";
     if let Some(meta) = rootfs_dfd.symlink_metadata_optional(path)? {
         // If it's a symlink, then something else e.g. authselect must own it.
+        // Do nothing if disable systemd-sysusers.
         if meta.is_symlink() {
-            return Ok(());
+            if !sysusers {
+                return Ok(());
+            }
         }
-        let nsswitch = rootfs_dfd.read_to_string(path)?;
-        let nsswitch = add_altfiles(&nsswitch)?;
+        // Delete the symlink, create and update the config.
+        let target = "usr/etc/authselect/nsswitch.conf";
+        let nsswitch = rootfs_dfd
+            .read_to_string(target)
+            .with_context(|| format!("Reading target {}", target))?;
+        rootfs_dfd
+            .remove_file(path)
+            .with_context(|| format!("Removing {}", path))?;
+        rootfs_dfd.create(path)?;
+
+        let nsswitch = del_altfiles(&nsswitch)?;
         rootfs_dfd.atomic_write(path, nsswitch.as_bytes())?;
     }
 

rust/src/lib.rs

@@ -282,7 +282,7 @@ pub mod ffi {
             dest_rootfs_dfd: i32,
             treefile: &mut Treefile,
         ) -> Result<()>;
-        fn composepost_nsswitch_altfiles(rootfs_dfd: i32) -> Result<()>;
+        fn composepost_nsswitch_altfiles(rootfs_dfd: i32, sysusers: bool) -> Result<()>;
         fn compose_postprocess(
             rootfs_dfd: i32,
             treefile: &mut Treefile,

src/libpriv/rpmostree-postprocess.cxx

@@ -417,11 +417,12 @@ postprocess_final (int rootfs_dfd, rpmostreecxx::Treefile &treefile, gboolean un
 
       g_print ("Migrating /usr/etc/group to /usr/lib/\n");
       ROSCXX_TRY (migrate_group_except_root (rootfs_dfd, preserve_groups_set), error);
-
-      /* NSS configuration to look at the new files */
-      ROSCXX_TRY (composepost_nsswitch_altfiles (rootfs_dfd), error);
     }
 
+  /* NSS configuration to look at the new files. */
+  /* Should remove altfiles if we transfer to systemd-sysusers. */
+  ROSCXX_TRY (composepost_nsswitch_altfiles (rootfs_dfd, sysusers), error);
+
   if (selinux)
     {
       if (!postprocess_selinux_policy_store_location (rootfs_dfd, cancellable, error))