Pmbootstrap: Improved "user" creation code
Follow-up to #666 and what has been discussed in the channel.
We would like to have the following changes:
- [x] user used in the build chroots should be called "build", not "user" (to avoid confusion)
- [x] ask in
pmbootstrap initfor the install-user, default touser - [x] during
pmbootstrap install: the install-user should be created inside the chroot, with a UID of1000 - [x] give the install-user the normal set of "desktop" groups
Keep in mind, that a lot of --bind mounts mount stuff to /home/user, so we would need to replace the username in there.
ollieparanoid
All 5 comments
I've been working in this issue today and the progress is good :tada:
However I don't know how to adjust sudoers accordingly to the username specified during the init phase.
At the moment, the user is hardcoded and I don't know how to get the username while building the postmarketos-base package nor I can use UIDs in sudoers.
PabloCastellano
on 8 Oct 2017
I've also tried appending the {user} ALL=(ALL) ALL line similar to how we write /etc/os-release but since this file is only readable and writable by root, it is not straight-forward to do it from a Python function.
Any ideas?
PabloCastellano
on 8 Oct 2017
You shouldn't put the username in sudoers, you the created user should be added to the wheel or sudo group and one or both of those groups should be in sudoers.
MartijnBraam
on 8 Oct 2017
@MartijnBraam Oh, the sudoers file confused me and I couldn't see the standard way.
I've just pushed the last change, tried it and works for me. So it's time for review and testing.
One bad thing about this change is that you need to run some commands to set your pmbootstrap folder in a consistent state, so we will probably see people complaining about it in the channel during the week after the merge because they just updated their local repo and didn't notice about it.
These are the steps I had to run after changing branch from master:
pmb init
pmb -y zap -d -hc -p
rm -fr ~/.local/var/pmbootstrap/config_*
And these are the kind of errors that you will get if you don't run the previous commands:
(010391) [22:31:44] (native) % cd /home/build/packages/build/aarch64 && su build -c 'abuild-sign APKINDEX.tar.gz_'
Error opening key file /home/user/.abuild/user-59da88ae.rsa
139767470046092:error:02FFF002:system library:func(4095):No such file or directory:bio/bss_file.c:255:fopen('/home/user/.abuild/user-59da88ae.rsa', 'r')
139767470046092:error:20FFF002:BIO routines:CRYPTO_internal:system lib:bio/bss_file.c:257:
unable to load key file
ERROR: /home/build/packages/build/x86_64/postmarketos-base-3-r8.apk: UNTRUSTED signature
We have a safe upgrade path now: https://github.com/postmarketOS/pmbootstrap/pull/725/commits/a7fd434b4cc0bcca65586c2c49a2c4b64124ee16
ollieparanoid
on 9 Oct 2017
Related issues
ollieparanoid
路
7Comments
zenety
路
5Comments
fynngodau
路
3Comments
ollieparanoid
路
3Comments
MartijnBraam
路
5Comments
Most helpful comment
You shouldn't put the username in sudoers, you the created user should be added to the
wheelorsudogroup and one or both of those groups should be in sudoers.