[Buildroot] [PATCH 00/10] Improvements to systemd

[Buildroot] [PATCH 00/10] Improvements to systemd

[Norbert Lange]

Hello,

this contains several cleanups ond improvements on systemd,
it replaces old patches [1] and [2], including the
requested changes.

1.   allow the hook to operate on files added from an overlay
2.   hooks libnss-systemd into the rootfs (so that DynamicUser
     option works correctly)
3.   and following: update and improve user accounts
     (depends on 2.)
7.   and following: support systemd catalog files
9.   run systemd-tmpfiles in fakeroot step


[1] - https://patchwork.ozlabs.org/patch/1222103/
[2] - https://patchwork.ozlabs.org/patch/1222179/


Norbert Lange (10):
  package/systemd: move preset-all HOOK to fakeroot stage
  package/systemd: add libnss-systemd to name resolution
  package/systemd: remove unused user accounts
  package/systemd: create "remote" user if the feature is enabled
  package/systemd: cosmetic rearrange list of users
  package/systemd: sync user comments to upstream
  Makefile: Handle systemd catalogs in PURGE_LOCALES
  package/systemd: add hook to update journalctl catalogs
  package/systemd: option to delete all catalog files
  package/systemd: invoke systemd-tmpfilesd on final image

 Makefile                   |  8 ++++++
 package/systemd/Config.in  | 12 ++++++++
 package/systemd/systemd.mk | 56 ++++++++++++++++++++++++++++++--------
 3 files changed, 65 insertions(+), 11 deletions(-)

--
2.24.1

[Buildroot] [PATCH 01/10] package/systemd: move preset-all HOOK to fakeroot stage

[Norbert Lange]

User can drop in more systemd units or presets
in an rootfs overlay, which will be copied over *after*
the TARGET_FINALIZE_HOOKS are run.

Instead, run preset-all afterwards from ROOTFS_PRE_CMD_HOOKS

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 6e31a14ac3..05b07cfd1b 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -490,7 +490,7 @@ endef
 define SYSTEMD_PRESET_ALL
 	$(HOST_DIR)/bin/systemctl --root=$(TARGET_DIR) preset-all
 endef
-SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_PRESET_ALL
+SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
 
 SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
 SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
-- 
2.24.1

[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution

[Norbert Lange]

The feature DynamicUser creates users/groups without
touching the /etc/{passwd,group} files on disk.
Adding the dynamic resolver to /etc/nsswitch.conf
ensures the Names are resolved consistently.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 05b07cfd1b..a390cdd1a9 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
 	touch $(TARGET_DIR)/etc/machine-id
 endef
 
+define SYSTEMD_ADD_NSSCONFIG_HOOK
+	grep >/dev/null '^passwd:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \
+		sed '/^passwd:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf
+	grep >/dev/null '^group:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \
+		sed '/^group:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf
+endef
+
 SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
+	SYSTEMD_ADD_NSSCONFIG_HOOK \
 	SYSTEMD_INSTALL_INIT_HOOK \
 	SYSTEMD_INSTALL_MACHINEID_HOOK \
 	SYSTEMD_INSTALL_RESOLVCONF_HOOK
-- 
2.24.1

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Norbert Lange]

Since V235 the "gateway" and "upload" services use DynamicUsers,
requiring no entries in /etc/passwd.
This functionality requires option nss-systemd, which is always
enabled in buildroot.

The "bus-proxy" user was removed in V230

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index a390cdd1a9..b46c4fd540 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -431,10 +431,7 @@ define SYSTEMD_USERS
 	- - systemd-journal -1 * - - - Journal
 	- - render -1 * - - - DRI rendering nodes
 	- - kvm -1 * - - - kvm nodes
-	systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus messages to/from a bus
-	systemd-journal-gateway -1 systemd-journal-gateway -1 * /var/log/journal - - Journal Gateway
 	systemd-journal-remote -1 systemd-journal-remote -1 * /var/log/journal/remote - - Journal Remote
-	systemd-journal-upload -1 systemd-journal-upload -1 * - - - Journal Upload
 	$(SYSTEMD_COREDUMP_USER)
 	$(SYSTEMD_NETWORKD_USER)
 	$(SYSTEMD_RESOLVED_USER)
-- 
2.24.1

[Buildroot] [PATCH 04/10] package/systemd: create "remote" user if the feature is enabled

[Norbert Lange]

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b46c4fd540..b3e83b5d3b 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -181,6 +181,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_JOURNAL_REMOTE),y)
 SYSTEMD_CONF_OPTS += -Dremote=true
+SYSTEMD_REMOTE_USER = systemd-journal-remote -1 systemd-journal-remote -1 * /var/log/journal/remote - - Journal Remote
 else
 SYSTEMD_CONF_OPTS += -Dremote=false
 endif
@@ -431,7 +432,7 @@ define SYSTEMD_USERS
 	- - systemd-journal -1 * - - - Journal
 	- - render -1 * - - - DRI rendering nodes
 	- - kvm -1 * - - - kvm nodes
-	systemd-journal-remote -1 systemd-journal-remote -1 * /var/log/journal/remote - - Journal Remote
+	$(SYSTEMD_REMOTE_USER)
 	$(SYSTEMD_COREDUMP_USER)
 	$(SYSTEMD_NETWORKD_USER)
 	$(SYSTEMD_RESOLVED_USER)
-- 
2.24.1

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Norbert Lange]

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b3e83b5d3b..b6bd85f130 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
 endef
 
 define SYSTEMD_USERS
+	# udev user groups
 	- - input -1 * - - - Input device group
-	- - systemd-journal -1 * - - - Journal
 	- - render -1 * - - - DRI rendering nodes
 	- - kvm -1 * - - - kvm nodes
+	# systemd user groups
+	- - systemd-journal -1 * - - - Journal
 	$(SYSTEMD_REMOTE_USER)
 	$(SYSTEMD_COREDUMP_USER)
 	$(SYSTEMD_NETWORKD_USER)
-- 
2.24.1

[Buildroot] [PATCH 06/10] package/systemd: sync user comments to upstream

[Norbert Lange]

Description is matched to the ones in the upstream sysusers.d
files. Remove homedirectory (upstream doesnt care either).

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b6bd85f130..6ea25e3363 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -181,7 +181,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_JOURNAL_REMOTE),y)
 SYSTEMD_CONF_OPTS += -Dremote=true
-SYSTEMD_REMOTE_USER = systemd-journal-remote -1 systemd-journal-remote -1 * /var/log/journal/remote - - Journal Remote
+SYSTEMD_REMOTE_USER = systemd-journal-remote -1 systemd-journal-remote -1 * - - - systemd Journal Remote
 else
 SYSTEMD_CONF_OPTS += -Dremote=false
 endif
@@ -305,7 +305,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_COREDUMP),y)
 SYSTEMD_CONF_OPTS += -Dcoredump=true
-SYSTEMD_COREDUMP_USER = systemd-coredump -1 systemd-coredump -1 * /var/lib/systemd/coredump - - Core Dumper
+SYSTEMD_COREDUMP_USER = systemd-coredump -1 systemd-coredump -1 * - - - systemd core dump processing
 else
 SYSTEMD_CONF_OPTS += -Dcoredump=false
 endif
@@ -325,7 +325,7 @@ endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_NETWORKD),y)
 SYSTEMD_CONF_OPTS += -Dnetworkd=true
-SYSTEMD_NETWORKD_USER = systemd-network -1 systemd-network -1 * - - - Network Manager
+SYSTEMD_NETWORKD_USER = systemd-network -1 systemd-network -1 * - - - systemd Network Management
 SYSTEMD_NETWORKD_DHCP_IFACE = $(call qstrip,$(BR2_SYSTEM_DHCP))
 ifneq ($(SYSTEMD_NETWORKD_DHCP_IFACE),)
 define SYSTEMD_INSTALL_NETWORK_CONFS
@@ -344,14 +344,14 @@ define SYSTEMD_INSTALL_RESOLVCONF_HOOK
 		$(TARGET_DIR)/etc/resolv.conf
 endef
 SYSTEMD_CONF_OPTS += -Dresolve=true
-SYSTEMD_RESOLVED_USER = systemd-resolve -1 systemd-resolve -1 * - - - Network Name Resolution Manager
+SYSTEMD_RESOLVED_USER = systemd-resolve -1 systemd-resolve -1 * - - - systemd Resolver
 else
 SYSTEMD_CONF_OPTS += -Dresolve=false
 endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_TIMESYNCD),y)
 SYSTEMD_CONF_OPTS += -Dtimesyncd=true
-SYSTEMD_TIMESYNCD_USER = systemd-timesync -1 systemd-timesync -1 * - - - Network Time Synchronization
+SYSTEMD_TIMESYNCD_USER = systemd-timesync -1 systemd-timesync -1 * - - - systemd Time Synchronization
 else
 SYSTEMD_CONF_OPTS += -Dtimesyncd=false
 endif
-- 
2.24.1

[Buildroot] [PATCH 07/10] Makefile: Handle systemd catalogs in PURGE_LOCALES

[Norbert Lange]

journald supports localization with Catalog files with
a naming scheme <name>.<lang>.catalog.
We want to purge them like other locales.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 Makefile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Makefile b/Makefile
index a52f1c75fd..e6890e13c4 100644
--- a/Makefile
+++ b/Makefile
@@ -701,6 +701,14 @@ define PURGE_LOCALES
 			fi \
 		done; \
 	done
+	for cfile in $(wildcard $(TARGET_DIR)/usr/lib/systemd/catalog/*.catalog); \
+	do \
+		basename=$${cfile##*/}; \
+		basename=$${basename%.catalog}; \
+		langext=$${basename#*.}; \
+		[ "$$langext" != "$${basename}" ] || continue; \
+		grep -qx "$${langext}" $(LOCALE_WHITELIST) || rm -f "$$cfile"; \
+	done
 	if [ -d $(TARGET_DIR)/usr/share/X11/locale ]; \
 	then \
 		for lang in $(LOCALE_NOPURGE); \
-- 
2.24.1

[Buildroot] [PATCH 08/10] package/systemd: add hook to update journalctl catalogs

[Norbert Lange]

journald supports catalog files, or rather a binary database of
those.
This add a hook to create said database from the available
catalog source files (which are not needed afterwards).

One ugly workaround is or ensuring that PURGE_LOCALES is
called before, we do this by adding this hook
(will then run twice during the finalize target step).

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 6ea25e3363..8db3a1b117 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -500,6 +500,16 @@ define SYSTEMD_PRESET_ALL
 endef
 SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
 
+define SYSTEMD_UPDATE_CATALOGS
+	$(HOST_DIR)/bin/journalctl --root=$(TARGET_DIR) --update-catalog
+endef
+
+# SYSTEMD_UPDATE_CATALOGS needs to run after PURGE_LOCALES
+ifeq ($(BR2_ENABLE_LOCALE_PURGE),y)
+SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
+endif
+SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
+
 SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
 SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
 
@@ -577,6 +587,7 @@ HOST_SYSTEMD_DEPENDENCIES = \
 #   $(HOST_DIR)/lib
 # * thus re-tweak rpath after the installation for all binaries that need it
 HOST_SYSTEMD_HOST_TOOLS = \
+	journalctl \
 	systemd-analyze \
 	systemd-mount \
 	systemctl \
-- 
2.24.1

[Buildroot] [PATCH 09/10] package/systemd: option to delete all catalog files

[Norbert Lange]

Unless you need to rebuild the database, there is
no need for the (source) catalog files.

This option removes the files in a ROOTFS_PRE_CMD_HOOK

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/Config.in  | 12 ++++++++++++
 package/systemd/systemd.mk |  8 ++++++++
 2 files changed, 20 insertions(+)

diff --git a/package/systemd/Config.in b/package/systemd/Config.in
index c727082a1a..c0727db94a 100644
--- a/package/systemd/Config.in
+++ b/package/systemd/Config.in
@@ -224,6 +224,18 @@ config BR2_PACKAGE_SYSTEMD_IMPORTD
 
 	  http://www.freedesktop.org/software/systemd/man/machinectl.html#Image%20Transfer%20Commands
 
+config BR2_PACKAGE_SYSTEMD_RETAIN_CATALOGS
+	bool "retain source catalog files"
+	help
+	  catalog files are used to provide extended and potentially localized
+	  messages for the journal.
+	  The files reside in /usr/lib/systemd/catalog, but arent used directly,
+	  instead a binary database will be built using these files.
+
+	  Only if the database needs to be rebuilt later they need to be retained.
+
+	  https://www.freedesktop.org/wiki/Software/systemd/catalog/
+
 config BR2_PACKAGE_SYSTEMD_LOCALED
 	bool "enable locale daemon"
 	help
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 8db3a1b117..4d6ff0be45 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -401,6 +401,14 @@ ifneq ($(SYSTEMD_FALLBACK_HOSTNAME),)
 SYSTEMD_CONF_OPTS += -Dfallback-hostname=$(SYSTEMD_FALLBACK_HOSTNAME)
 endif
 
+ifneq ($(BR2_PACKAGE_SYSTEMD_RETAIN_CATALOGS),y)
+define SYSTEMD_RM_SOURCE_CATALOGS_HOOK
+	rm -rf $(TARGET_DIR)/usr/lib/systemd/catalog
+endef
+
+SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_RM_SOURCE_CATALOGS_HOOK
+endif
+
 define SYSTEMD_INSTALL_INIT_HOOK
 	ln -fs multi-user.target \
 		$(TARGET_DIR)/usr/lib/systemd/system/default.target
-- 
2.24.1

[Buildroot] [PATCH 10/10] package/systemd: invoke systemd-tmpfilesd on final image

[Norbert Lange]

Especially for read-only filesystems it is helpfull to
pre-create all folders for non-volatile paths.

This needs to run under fakeroot to allow setting uids/gids/perms

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 4d6ff0be45..69e2e1bf41 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -518,6 +518,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
 endif
 SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
 
+define SYSTEMD_CREATE_TMPFILES_HOOK
+	$(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create --boot \
+		$(addprefix --exclude-prefix=/,dev mnt proc run sys tmp) || :
+endef
+SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
+
 SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
 SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
 
@@ -559,7 +565,7 @@ HOST_SYSTEMD_CONF_OPTS = \
 	-Dvconsole=false \
 	-Dquotacheck=false \
 	-Dsysusers=false \
-	-Dtmpfiles=false \
+	-Dtmpfiles=true \
 	-Dimportd=false \
 	-Dhwdb=false \
 	-Drfkill=false \
@@ -598,6 +604,7 @@ HOST_SYSTEMD_HOST_TOOLS = \
 	journalctl \
 	systemd-analyze \
 	systemd-mount \
+	systemd-tmpfiles \
 	systemctl \
 	udevadm
 
-- 
2.24.1

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Jérémy ROSEN]

Yes...
Long term we should use systems-sysuser for that, so upstream trickles down
automatically

in the mean time,

Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>


Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a ?crit :

> Since V235 the "gateway" and "upload" services use DynamicUsers,
> requiring no entries in /etc/passwd.
> This functionality requires option nss-systemd, which is always
> enabled in buildroot.
>
> The "bus-proxy" user was removed in V230
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 3 ---
>  1 file changed, 3 deletions(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index a390cdd1a9..b46c4fd540 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -431,10 +431,7 @@ define SYSTEMD_USERS
>         - - systemd-journal -1 * - - - Journal
>         - - render -1 * - - - DRI rendering nodes
>         - - kvm -1 * - - - kvm nodes
> -       systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus
> messages to/from a bus
> -       systemd-journal-gateway -1 systemd-journal-gateway -1 *
> /var/log/journal - - Journal Gateway
>         systemd-journal-remote -1 systemd-journal-remote -1 *
> /var/log/journal/remote - - Journal Remote
> -       systemd-journal-upload -1 systemd-journal-upload -1 * - - -
> Journal Upload
>         $(SYSTEMD_COREDUMP_USER)
>         $(SYSTEMD_NETWORKD_USER)
>         $(SYSTEMD_RESOLVED_USER)
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/01b5f147/attachment.html>

[Buildroot] [PATCH 04/10] package/systemd: create "remote" user if the feature is enabled

[Jérémy ROSEN]

Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>

Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a ?crit :

> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b46c4fd540..b3e83b5d3b 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -181,6 +181,7 @@ endif
>
>  ifeq ($(BR2_PACKAGE_SYSTEMD_JOURNAL_REMOTE),y)
>  SYSTEMD_CONF_OPTS += -Dremote=true
> +SYSTEMD_REMOTE_USER = systemd-journal-remote -1 systemd-journal-remote -1
> * /var/log/journal/remote - - Journal Remote
>  else
>  SYSTEMD_CONF_OPTS += -Dremote=false
>  endif
> @@ -431,7 +432,7 @@ define SYSTEMD_USERS
>         - - systemd-journal -1 * - - - Journal
>         - - render -1 * - - - DRI rendering nodes
>         - - kvm -1 * - - - kvm nodes
> -       systemd-journal-remote -1 systemd-journal-remote -1 *
> /var/log/journal/remote - - Journal Remote
> +       $(SYSTEMD_REMOTE_USER)
>         $(SYSTEMD_COREDUMP_USER)
>         $(SYSTEMD_NETWORKD_USER)
>         $(SYSTEMD_RESOLVED_USER)
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/241524fe/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Jérémy ROSEN]

could you add a line pointing to the corresponding file in systemd's source
code (i.e the sysuser file from upstream)
that would help future reviewers

apart from that

Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>

Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a ?crit :

> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b3e83b5d3b..b6bd85f130 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>  endef
>
>  define SYSTEMD_USERS
> +       # udev user groups
>         - - input -1 * - - - Input device group
> -       - - systemd-journal -1 * - - - Journal
>         - - render -1 * - - - DRI rendering nodes
>         - - kvm -1 * - - - kvm nodes
> +       # systemd user groups
> +       - - systemd-journal -1 * - - - Journal
>         $(SYSTEMD_REMOTE_USER)
>         $(SYSTEMD_COREDUMP_USER)
>         $(SYSTEMD_NETWORKD_USER)
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/2efa99e0/attachment.html>

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Norbert Lange]

Sure, but that could get tricky is you dont enable sysuser.d on the target,
then you would need to grab the files from the host installation and use
similar build-options as the target.

Some smart infrastructure work would be needed to not complicate things
between non-system, systemd with option x disabled,
and full systemd.

Am Fr., 7. Feb. 2020 um 10:11 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

> Yes...
> Long term we should use systems-sysuser for that, so upstream trickles
> down automatically
>
> in the mean time,
>
> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>
>
> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>> Since V235 the "gateway" and "upload" services use DynamicUsers,
>> requiring no entries in /etc/passwd.
>> This functionality requires option nss-systemd, which is always
>> enabled in buildroot.
>>
>> The "bus-proxy" user was removed in V230
>>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> ---
>>  package/systemd/systemd.mk | 3 ---
>>  1 file changed, 3 deletions(-)
>>
>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>> index a390cdd1a9..b46c4fd540 100644
>> --- a/package/systemd/systemd.mk
>> +++ b/package/systemd/systemd.mk
>> @@ -431,10 +431,7 @@ define SYSTEMD_USERS
>>         - - systemd-journal -1 * - - - Journal
>>         - - render -1 * - - - DRI rendering nodes
>>         - - kvm -1 * - - - kvm nodes
>> -       systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus
>> messages to/from a bus
>> -       systemd-journal-gateway -1 systemd-journal-gateway -1 *
>> /var/log/journal - - Journal Gateway
>>         systemd-journal-remote -1 systemd-journal-remote -1 *
>> /var/log/journal/remote - - Journal Remote
>> -       systemd-journal-upload -1 systemd-journal-upload -1 * - - -
>> Journal Upload
>>         $(SYSTEMD_COREDUMP_USER)
>>         $(SYSTEMD_NETWORKD_USER)
>>         $(SYSTEMD_RESOLVED_USER)
>> --
>> 2.24.1
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>>
>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/e674c793/attachment.html>

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Jérémy ROSEN]

That's already in place. We already build host-systemd whenever we build
systemd (host-sysuser is currently disabled but that's trivial to enable)

It's just a question of doing it, really... and teaching mkusers a few
trick to go with it

Le ven. 7 f?vr. 2020 ? 13:41, Norbert Lange <nolange79@gmail.com> a ?crit :

> Sure, but that could get tricky is you dont enable sysuser.d on the target,
> then you would need to grab the files from the host installation and use
> similar build-options as the target.
>
> Some smart infrastructure work would be needed to not complicate things
> between non-system, systemd with option x disabled,
> and full systemd.
>
> Am Fr., 7. Feb. 2020 um 10:11 Uhr schrieb J?r?my ROSEN <
> jeremy.rosen at smile.fr>:
>
>> Yes...
>> Long term we should use systems-sysuser for that, so upstream trickles
>> down automatically
>>
>> in the mean time,
>>
>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>
>>
>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>> ?crit :
>>
>>> Since V235 the "gateway" and "upload" services use DynamicUsers,
>>> requiring no entries in /etc/passwd.
>>> This functionality requires option nss-systemd, which is always
>>> enabled in buildroot.
>>>
>>> The "bus-proxy" user was removed in V230
>>>
>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>> ---
>>>  package/systemd/systemd.mk | 3 ---
>>>  1 file changed, 3 deletions(-)
>>>
>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>> index a390cdd1a9..b46c4fd540 100644
>>> --- a/package/systemd/systemd.mk
>>> +++ b/package/systemd/systemd.mk
>>> @@ -431,10 +431,7 @@ define SYSTEMD_USERS
>>>         - - systemd-journal -1 * - - - Journal
>>>         - - render -1 * - - - DRI rendering nodes
>>>         - - kvm -1 * - - - kvm nodes
>>> -       systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus
>>> messages to/from a bus
>>> -       systemd-journal-gateway -1 systemd-journal-gateway -1 *
>>> /var/log/journal - - Journal Gateway
>>>         systemd-journal-remote -1 systemd-journal-remote -1 *
>>> /var/log/journal/remote - - Journal Remote
>>> -       systemd-journal-upload -1 systemd-journal-upload -1 * - - -
>>> Journal Upload
>>>         $(SYSTEMD_COREDUMP_USER)
>>>         $(SYSTEMD_NETWORKD_USER)
>>>         $(SYSTEMD_RESOLVED_USER)
>>> --
>>> 2.24.1
>>>
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot at busybox.net
>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>
>>
>>
>> --
>> [image: SMILE]  <http://www.smile.eu/>
>>
>> 20 rue des Jardins
>> 92600 Asni?res-sur-Seine
>> *J?r?my ROSEN*
>> Architecte technique
>>
>> [image: email] jeremy.rosen at smile.fr
>> [image: phone]  +33 6 88 25 87 42
>> [image: url] http://www.smile.eu
>>
>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>> <https://www.linkedin.com/company/smile> [image: Github]
>> <https://github.com/Smile-SA>
>>
>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>
>

-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/0d5a32cf/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Norbert Lange]

Not sure if you meant to reply to patch #6 instead.

The main reference is the README, and the templates in sysusers.d.
You want me to add this as comment in the .mk file if I understood
correctly?

Also I am not sure why those users/groups aren't already in the systemd
skeleton.

Should I post just an amended Patch #5 or wait a while to redo the series
once I got feedback for the rest?

Am Fr., 7. Feb. 2020 um 10:13 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

> could you add a line pointing to the corresponding file in
> systemd's source code (i.e the sysuser file from upstream)
> that would help future reviewers
>
> apart from that
>
> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>
> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> ---
>>  package/systemd/systemd.mk | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>> index b3e83b5d3b..b6bd85f130 100644
>> --- a/package/systemd/systemd.mk
>> +++ b/package/systemd/systemd.mk
>> @@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>>  endef
>>
>>  define SYSTEMD_USERS
>> +       # udev user groups
>>         - - input -1 * - - - Input device group
>> -       - - systemd-journal -1 * - - - Journal
>>         - - render -1 * - - - DRI rendering nodes
>>         - - kvm -1 * - - - kvm nodes
>> +       # systemd user groups
>> +       - - systemd-journal -1 * - - - Journal
>>         $(SYSTEMD_REMOTE_USER)
>>         $(SYSTEMD_COREDUMP_USER)
>>         $(SYSTEMD_NETWORKD_USER)
>> --
>> 2.24.1
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>>
>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/11bea59e/attachment.html>

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Norbert Lange]

I mean if you dont enable host target sysuser, systemd and other packages
might not install the config files (these are after all just used for
preparing a system).
if you for example enable journal-remote and not sysuser on the target, you
would need to enable  journal-remote and sysuser on the host, then grab the
config files from the host.

Sure, everything can be solved somehow, but it would be easier to figure
out the correct way *before* someone begins hacking ( see
https://github.com/systemd/systemd/issues/14806 ).

For ex. you could always enable sysuser on the target and just offer an
option to remove those files in the rootfs image afterwards.

Norbert

Am Fr., 7. Feb. 2020 um 13:44 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

> That's already in place. We already build host-systemd whenever we build
> systemd (host-sysuser is currently disabled but that's trivial to enable)
>
> It's just a question of doing it, really... and teaching mkusers a few
> trick to go with it
>
> Le ven. 7 f?vr. 2020 ? 13:41, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>> Sure, but that could get tricky is you dont enable sysuser.d on the
>> target,
>> then you would need to grab the files from the host installation and use
>> similar build-options as the target.
>>
>> Some smart infrastructure work would be needed to not complicate things
>> between non-system, systemd with option x disabled,
>> and full systemd.
>>
>> Am Fr., 7. Feb. 2020 um 10:11 Uhr schrieb J?r?my ROSEN <
>> jeremy.rosen at smile.fr>:
>>
>>> Yes...
>>> Long term we should use systems-sysuser for that, so upstream trickles
>>> down automatically
>>>
>>> in the mean time,
>>>
>>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>>
>>>
>>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>>> ?crit :
>>>
>>>> Since V235 the "gateway" and "upload" services use DynamicUsers,
>>>> requiring no entries in /etc/passwd.
>>>> This functionality requires option nss-systemd, which is always
>>>> enabled in buildroot.
>>>>
>>>> The "bus-proxy" user was removed in V230
>>>>
>>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>>> ---
>>>>  package/systemd/systemd.mk | 3 ---
>>>>  1 file changed, 3 deletions(-)
>>>>
>>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>>> index a390cdd1a9..b46c4fd540 100644
>>>> --- a/package/systemd/systemd.mk
>>>> +++ b/package/systemd/systemd.mk
>>>> @@ -431,10 +431,7 @@ define SYSTEMD_USERS
>>>>         - - systemd-journal -1 * - - - Journal
>>>>         - - render -1 * - - - DRI rendering nodes
>>>>         - - kvm -1 * - - - kvm nodes
>>>> -       systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus
>>>> messages to/from a bus
>>>> -       systemd-journal-gateway -1 systemd-journal-gateway -1 *
>>>> /var/log/journal - - Journal Gateway
>>>>         systemd-journal-remote -1 systemd-journal-remote -1 *
>>>> /var/log/journal/remote - - Journal Remote
>>>> -       systemd-journal-upload -1 systemd-journal-upload -1 * - - -
>>>> Journal Upload
>>>>         $(SYSTEMD_COREDUMP_USER)
>>>>         $(SYSTEMD_NETWORKD_USER)
>>>>         $(SYSTEMD_RESOLVED_USER)
>>>> --
>>>> 2.24.1
>>>>
>>>> _______________________________________________
>>>> buildroot mailing list
>>>> buildroot at busybox.net
>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>
>>>
>>>
>>> --
>>> [image: SMILE]  <http://www.smile.eu/>
>>>
>>> 20 rue des Jardins
>>> 92600 Asni?res-sur-Seine
>>> *J?r?my ROSEN*
>>> Architecte technique
>>>
>>> [image: email] jeremy.rosen at smile.fr
>>> [image: phone]  +33 6 88 25 87 42
>>> [image: url] http://www.smile.eu
>>>
>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>> <https://www.linkedin.com/company/smile> [image: Github]
>>> <https://github.com/Smile-SA>
>>>
>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>
>>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/1b3fde0a/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Jérémy ROSEN]

Le ven. 7 f?vr. 2020 ? 13:47, Norbert Lange <nolange79@gmail.com> a ?crit :

> Not sure if you meant to reply to patch #6 instead.
>
> maybe :P


> The main reference is the README, and the templates in sysusers.d.
> You want me to add this as comment in the .mk file if I understood
> correctly?
>
> That's very minor... I meant pointing to the sysusers.d files so someone
that doesn't know systemd as well can check that nothing has changed


> Also I am not sure why those users/groups aren't already in the systemd
> skeleton.
>
> That's a pretty good question. Also, since they are created by
mkusers they have a UID > 1000 that confuses journald.
(they get their own journal files, as if they were normal users, instead of
being logged only in the system journals)


> Should I post just an amended Patch #5 or wait a while to redo the series
> once I got feedback for the rest?
>
> Wait for more feedback, that's too minor to have you respin just for that.

Cheers
Jeremy


> Am Fr., 7. Feb. 2020 um 10:13 Uhr schrieb J?r?my ROSEN <
> jeremy.rosen at smile.fr>:
>
>> could you add a line pointing to the corresponding file in
>> systemd's source code (i.e the sysuser file from upstream)
>> that would help future reviewers
>>
>> apart from that
>>
>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>
>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>> ?crit :
>>
>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>> ---
>>>  package/systemd/systemd.mk | 4 +++-
>>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>> index b3e83b5d3b..b6bd85f130 100644
>>> --- a/package/systemd/systemd.mk
>>> +++ b/package/systemd/systemd.mk
>>> @@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>>>  endef
>>>
>>>  define SYSTEMD_USERS
>>> +       # udev user groups
>>>         - - input -1 * - - - Input device group
>>> -       - - systemd-journal -1 * - - - Journal
>>>         - - render -1 * - - - DRI rendering nodes
>>>         - - kvm -1 * - - - kvm nodes
>>> +       # systemd user groups
>>> +       - - systemd-journal -1 * - - - Journal
>>>         $(SYSTEMD_REMOTE_USER)
>>>         $(SYSTEMD_COREDUMP_USER)
>>>         $(SYSTEMD_NETWORKD_USER)
>>> --
>>> 2.24.1
>>>
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot at busybox.net
>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>
>>
>>
>> --
>> [image: SMILE]  <http://www.smile.eu/>
>>
>> 20 rue des Jardins
>> 92600 Asni?res-sur-Seine
>> *J?r?my ROSEN*
>> Architecte technique
>>
>> [image: email] jeremy.rosen at smile.fr
>> [image: phone]  +33 6 88 25 87 42
>> [image: url] http://www.smile.eu
>>
>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>> <https://www.linkedin.com/company/smile> [image: Github]
>> <https://github.com/Smile-SA>
>>
>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>
>

-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/1cf7dd76/attachment.html>

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Jérémy ROSEN]

Le ven. 7 f?vr. 2020 ? 13:52, Norbert Lange <nolange79@gmail.com> a ?crit :

>
> I mean if you dont enable host target sysuser, systemd and other packages
> might not install the config files (these are after all just used for
> preparing a system).
>

hmm... interesting point.
How can a package detect if sysuser is enabled ? is there a pkg-config
option for that ?



> if you for example enable journal-remote and not sysuser on the target,
> you would need to enable  journal-remote and sysuser on the host, then grab
> the config files from the host.
>
> yes, I see your point
maybe it would be simpler to configure with sysuser both for target and
host and remove the binary from the target ?

Thinking out-lout at this point. I'm not sure if that's a good idea.



> Sure, everything can be solved somehow, but it would be easier to figure
> out the correct way *before* someone begins hacking ( see
> https://github.com/systemd/systemd/issues/14806 ).
>
> For ex. you could always enable sysuser on the target and just offer an
> option to remove those files in the rootfs image afterwards.
>
>
Right.... Those files never make sense on the target anyway.
Buildroot philosophy is that you can't install software after the fact on
the target and it's ok to remove tools that are only used to install stuff
after the fact
(that's why the rules files for hwdb are never on the target)

so in a way... we always need sysuser on the host and we never use it on
the target.
This all needs more thinking. but there is no emergency. that's for a
future patch.


Norbert
>
> Am Fr., 7. Feb. 2020 um 13:44 Uhr schrieb J?r?my ROSEN <
> jeremy.rosen at smile.fr>:
>
>> That's already in place. We already build host-systemd whenever we build
>> systemd (host-sysuser is currently disabled but that's trivial to enable)
>>
>> It's just a question of doing it, really... and teaching mkusers a few
>> trick to go with it
>>
>> Le ven. 7 f?vr. 2020 ? 13:41, Norbert Lange <nolange79@gmail.com> a
>> ?crit :
>>
>>> Sure, but that could get tricky is you dont enable sysuser.d on the
>>> target,
>>> then you would need to grab the files from the host installation and use
>>> similar build-options as the target.
>>>
>>> Some smart infrastructure work would be needed to not complicate things
>>> between non-system, systemd with option x disabled,
>>> and full systemd.
>>>
>>> Am Fr., 7. Feb. 2020 um 10:11 Uhr schrieb J?r?my ROSEN <
>>> jeremy.rosen at smile.fr>:
>>>
>>>> Yes...
>>>> Long term we should use systems-sysuser for that, so upstream trickles
>>>> down automatically
>>>>
>>>> in the mean time,
>>>>
>>>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>>>
>>>>
>>>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>>>> ?crit :
>>>>
>>>>> Since V235 the "gateway" and "upload" services use DynamicUsers,
>>>>> requiring no entries in /etc/passwd.
>>>>> This functionality requires option nss-systemd, which is always
>>>>> enabled in buildroot.
>>>>>
>>>>> The "bus-proxy" user was removed in V230
>>>>>
>>>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>>>> ---
>>>>>  package/systemd/systemd.mk | 3 ---
>>>>>  1 file changed, 3 deletions(-)
>>>>>
>>>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>>>> index a390cdd1a9..b46c4fd540 100644
>>>>> --- a/package/systemd/systemd.mk
>>>>> +++ b/package/systemd/systemd.mk
>>>>> @@ -431,10 +431,7 @@ define SYSTEMD_USERS
>>>>>         - - systemd-journal -1 * - - - Journal
>>>>>         - - render -1 * - - - DRI rendering nodes
>>>>>         - - kvm -1 * - - - kvm nodes
>>>>> -       systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus
>>>>> messages to/from a bus
>>>>> -       systemd-journal-gateway -1 systemd-journal-gateway -1 *
>>>>> /var/log/journal - - Journal Gateway
>>>>>         systemd-journal-remote -1 systemd-journal-remote -1 *
>>>>> /var/log/journal/remote - - Journal Remote
>>>>> -       systemd-journal-upload -1 systemd-journal-upload -1 * - - -
>>>>> Journal Upload
>>>>>         $(SYSTEMD_COREDUMP_USER)
>>>>>         $(SYSTEMD_NETWORKD_USER)
>>>>>         $(SYSTEMD_RESOLVED_USER)
>>>>> --
>>>>> 2.24.1
>>>>>
>>>>> _______________________________________________
>>>>> buildroot mailing list
>>>>> buildroot at busybox.net
>>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>>
>>>>
>>>>
>>>> --
>>>> [image: SMILE]  <http://www.smile.eu/>
>>>>
>>>> 20 rue des Jardins
>>>> 92600 Asni?res-sur-Seine
>>>> *J?r?my ROSEN*
>>>> Architecte technique
>>>>
>>>> [image: email] jeremy.rosen at smile.fr
>>>> [image: phone]  +33 6 88 25 87 42
>>>> [image: url] http://www.smile.eu
>>>>
>>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>>> <https://www.linkedin.com/company/smile> [image: Github]
>>>> <https://github.com/Smile-SA>
>>>>
>>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>>
>>>
>>
>> --
>> [image: SMILE]  <http://www.smile.eu/>
>>
>> 20 rue des Jardins
>> 92600 Asni?res-sur-Seine
>> *J?r?my ROSEN*
>> Architecte technique
>>
>> [image: email] jeremy.rosen at smile.fr
>> [image: phone]  +33 6 88 25 87 42
>> [image: url] http://www.smile.eu
>>
>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>> <https://www.linkedin.com/company/smile> [image: Github]
>> <https://github.com/Smile-SA>
>>
>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>
>

-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/86f4f707/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Norbert Lange]

mkuser creating users by default if a Bug IMHO, the only non-system users
are those
that are explicitly defined.
Did not know journald acts differently based on UIDs btw.

I posted a patch to allow creating system users, but that would require
changing *every*
package adding users.
https://patchwork.ozlabs.org/patch/1222180/

Norbert

Am Fr., 7. Feb. 2020 um 13:53 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

>
>
> Le ven. 7 f?vr. 2020 ? 13:47, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>> Not sure if you meant to reply to patch #6 instead.
>>
>> maybe :P
>
>
>> The main reference is the README, and the templates in sysusers.d.
>> You want me to add this as comment in the .mk file if I understood
>> correctly?
>>
>> That's very minor... I meant pointing to the sysusers.d files so someone
> that doesn't know systemd as well can check that nothing has changed
>
>
>> Also I am not sure why those users/groups aren't already in the systemd
>> skeleton.
>>
>> That's a pretty good question. Also, since they are created by
> mkusers they have a UID > 1000 that confuses journald.
> (they get their own journal files, as if they were normal users, instead
> of being logged only in the system journals)
>
>
>> Should I post just an amended Patch #5 or wait a while to redo the series
>> once I got feedback for the rest?
>>
>> Wait for more feedback, that's too minor to have you respin just for that.
>
> Cheers
> Jeremy
>
>
>> Am Fr., 7. Feb. 2020 um 10:13 Uhr schrieb J?r?my ROSEN <
>> jeremy.rosen at smile.fr>:
>>
>>> could you add a line pointing to the corresponding file in
>>> systemd's source code (i.e the sysuser file from upstream)
>>> that would help future reviewers
>>>
>>> apart from that
>>>
>>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>>
>>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>>> ?crit :
>>>
>>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>>> ---
>>>>  package/systemd/systemd.mk | 4 +++-
>>>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>>> index b3e83b5d3b..b6bd85f130 100644
>>>> --- a/package/systemd/systemd.mk
>>>> +++ b/package/systemd/systemd.mk
>>>> @@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>>>>  endef
>>>>
>>>>  define SYSTEMD_USERS
>>>> +       # udev user groups
>>>>         - - input -1 * - - - Input device group
>>>> -       - - systemd-journal -1 * - - - Journal
>>>>         - - render -1 * - - - DRI rendering nodes
>>>>         - - kvm -1 * - - - kvm nodes
>>>> +       # systemd user groups
>>>> +       - - systemd-journal -1 * - - - Journal
>>>>         $(SYSTEMD_REMOTE_USER)
>>>>         $(SYSTEMD_COREDUMP_USER)
>>>>         $(SYSTEMD_NETWORKD_USER)
>>>> --
>>>> 2.24.1
>>>>
>>>> _______________________________________________
>>>> buildroot mailing list
>>>> buildroot at busybox.net
>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>
>>>
>>>
>>> --
>>> [image: SMILE]  <http://www.smile.eu/>
>>>
>>> 20 rue des Jardins
>>> 92600 Asni?res-sur-Seine
>>> *J?r?my ROSEN*
>>> Architecte technique
>>>
>>> [image: email] jeremy.rosen at smile.fr
>>> [image: phone]  +33 6 88 25 87 42
>>> [image: url] http://www.smile.eu
>>>
>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>> <https://www.linkedin.com/company/smile> [image: Github]
>>> <https://github.com/Smile-SA>
>>>
>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>
>>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/cbb6856d/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Jérémy ROSEN]

Le ven. 7 f?vr. 2020 ? 13:59, Norbert Lange <nolange79@gmail.com> a ?crit :

> mkuser creating users by default if a Bug IMHO, the only non-system users
> are those
>
that are explicitly defined.
>

Agreed. I'm already working on that. Patch to follow soon


> Did not know journald acts differently based on UIDs btw.
>
>
It's linked to the "per-user journal" feature. That feature is only active
for UID > 1000 (or wherever the system/human UID split is configured
but 1000 is the recommanded default and what buildroot uses)

 I posted a patch to allow creating system users, but that would require
changing *every*

> package adding users.
> https://patchwork.ozlabs.org/patch/1222180/
>
> Ok, I missed that patch (and reimplemented it :( my bad)
I'm in the process of changing every package, it's just a tedious grep
work, but it needs to be done.


> Norbert
>
> Am Fr., 7. Feb. 2020 um 13:53 Uhr schrieb J?r?my ROSEN <
> jeremy.rosen at smile.fr>:
>
>>
>>
>> Le ven. 7 f?vr. 2020 ? 13:47, Norbert Lange <nolange79@gmail.com> a
>> ?crit :
>>
>>> Not sure if you meant to reply to patch #6 instead.
>>>
>>> maybe :P
>>
>>
>>> The main reference is the README, and the templates in sysusers.d.
>>> You want me to add this as comment in the .mk file if I understood
>>> correctly?
>>>
>>> That's very minor... I meant pointing to the sysusers.d files so someone
>> that doesn't know systemd as well can check that nothing has changed
>>
>>
>>> Also I am not sure why those users/groups aren't already in the systemd
>>> skeleton.
>>>
>>> That's a pretty good question. Also, since they are created by
>> mkusers they have a UID > 1000 that confuses journald.
>> (they get their own journal files, as if they were normal users, instead
>> of being logged only in the system journals)
>>
>>
>>> Should I post just an amended Patch #5 or wait a while to redo the
>>> series once I got feedback for the rest?
>>>
>>> Wait for more feedback, that's too minor to have you respin just for
>> that.
>>
>> Cheers
>> Jeremy
>>
>>
>>> Am Fr., 7. Feb. 2020 um 10:13 Uhr schrieb J?r?my ROSEN <
>>> jeremy.rosen at smile.fr>:
>>>
>>>> could you add a line pointing to the corresponding file in
>>>> systemd's source code (i.e the sysuser file from upstream)
>>>> that would help future reviewers
>>>>
>>>> apart from that
>>>>
>>>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>>>
>>>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>>>> ?crit :
>>>>
>>>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>>>> ---
>>>>>  package/systemd/systemd.mk | 4 +++-
>>>>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>>>> index b3e83b5d3b..b6bd85f130 100644
>>>>> --- a/package/systemd/systemd.mk
>>>>> +++ b/package/systemd/systemd.mk
>>>>> @@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>>>>>  endef
>>>>>
>>>>>  define SYSTEMD_USERS
>>>>> +       # udev user groups
>>>>>         - - input -1 * - - - Input device group
>>>>> -       - - systemd-journal -1 * - - - Journal
>>>>>         - - render -1 * - - - DRI rendering nodes
>>>>>         - - kvm -1 * - - - kvm nodes
>>>>> +       # systemd user groups
>>>>> +       - - systemd-journal -1 * - - - Journal
>>>>>         $(SYSTEMD_REMOTE_USER)
>>>>>         $(SYSTEMD_COREDUMP_USER)
>>>>>         $(SYSTEMD_NETWORKD_USER)
>>>>> --
>>>>> 2.24.1
>>>>>
>>>>> _______________________________________________
>>>>> buildroot mailing list
>>>>> buildroot at busybox.net
>>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>>
>>>>
>>>>
>>>> --
>>>> [image: SMILE]  <http://www.smile.eu/>
>>>>
>>>> 20 rue des Jardins
>>>> 92600 Asni?res-sur-Seine
>>>> *J?r?my ROSEN*
>>>> Architecte technique
>>>>
>>>> [image: email] jeremy.rosen at smile.fr
>>>> [image: phone]  +33 6 88 25 87 42
>>>> [image: url] http://www.smile.eu
>>>>
>>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>>> <https://www.linkedin.com/company/smile> [image: Github]
>>>> <https://github.com/Smile-SA>
>>>>
>>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>>
>>>
>>
>> --
>> [image: SMILE]  <http://www.smile.eu/>
>>
>> 20 rue des Jardins
>> 92600 Asni?res-sur-Seine
>> *J?r?my ROSEN*
>> Architecte technique
>>
>> [image: email] jeremy.rosen at smile.fr
>> [image: phone]  +33 6 88 25 87 42
>> [image: url] http://www.smile.eu
>>
>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>> <https://www.linkedin.com/company/smile> [image: Github]
>> <https://github.com/Smile-SA>
>>
>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>
>

-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/b7020ed4/attachment.html>

[Buildroot] [PATCH 03/10] package/systemd: remove unused user accounts

[Norbert Lange]

Am Fr., 7. Feb. 2020 um 13:58 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

>
>
> Le ven. 7 f?vr. 2020 ? 13:52, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>>
>> I mean if you dont enable host target sysuser, systemd and other packages
>> might not install the config files (these are after all just used for
>> preparing a system).
>>
>
> hmm... interesting point.
> How can a package detect if sysuser is enabled ? is there a pkg-config
> option for that ?
>

No idea, its a recent addition so that's a hypothetical, its however
already true for systemd.
You could for ex. write checks for folders or the sysuser utility.


>
>
>
>> if you for example enable journal-remote and not sysuser on the target,
>> you would need to enable  journal-remote and sysuser on the host, then grab
>> the config files from the host.
>>
>> yes, I see your point
> maybe it would be simpler to configure with sysuser both for target and
> host and remove the binary from the target ?
>
> Thinking out-lout at this point. I'm not sure if that's a good idea.
>

I think that's actually the best way. run the tool, then remove the folders
and the tool from the target.
Think of an overlayfs that defines users with sysuser configs and the
folders/files/permissions with tmpfiles configs.


>
>
>
>> Sure, everything can be solved somehow, but it would be easier to figure
>> out the correct way *before* someone begins hacking ( see
>> https://github.com/systemd/systemd/issues/14806 ).
>>
>> For ex. you could always enable sysuser on the target and just offer an
>> option to remove those files in the rootfs image afterwards.
>>
>>
> Right.... Those files never make sense on the target anyway.
> Buildroot philosophy is that you can't install software after the fact on
> the target and it's ok to remove tools that are only used to install stuff
> after the fact
> (that's why the rules files for hwdb are never on the target)
>
> so in a way... we always need sysuser on the host and we never use it on
> the target.
> This all needs more thinking. but there is no emergency. that's for a
> future patch.
>

The guy in the bug report supposedly (plans to) work on it. From
experience, iterations on this list can take a long time.

>
>
> Norbert
>>
>> Am Fr., 7. Feb. 2020 um 13:44 Uhr schrieb J?r?my ROSEN <
>> jeremy.rosen at smile.fr>:
>>
>>> That's already in place. We already build host-systemd whenever we build
>>> systemd (host-sysuser is currently disabled but that's trivial to enable)
>>>
>>> It's just a question of doing it, really... and teaching mkusers a few
>>> trick to go with it
>>>
>>> Le ven. 7 f?vr. 2020 ? 13:41, Norbert Lange <nolange79@gmail.com> a
>>> ?crit :
>>>
>>>> Sure, but that could get tricky is you dont enable sysuser.d on the
>>>> target,
>>>> then you would need to grab the files from the host installation and
>>>> use similar build-options as the target.
>>>>
>>>> Some smart infrastructure work would be needed to not complicate things
>>>> between non-system, systemd with option x disabled,
>>>> and full systemd.
>>>>
>>>> Am Fr., 7. Feb. 2020 um 10:11 Uhr schrieb J?r?my ROSEN <
>>>> jeremy.rosen at smile.fr>:
>>>>
>>>>> Yes...
>>>>> Long term we should use systems-sysuser for that, so upstream trickles
>>>>> down automatically
>>>>>
>>>>> in the mean time,
>>>>>
>>>>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>>>>
>>>>>
>>>>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>>>>> ?crit :
>>>>>
>>>>>> Since V235 the "gateway" and "upload" services use DynamicUsers,
>>>>>> requiring no entries in /etc/passwd.
>>>>>> This functionality requires option nss-systemd, which is always
>>>>>> enabled in buildroot.
>>>>>>
>>>>>> The "bus-proxy" user was removed in V230
>>>>>>
>>>>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>>>>> ---
>>>>>>  package/systemd/systemd.mk | 3 ---
>>>>>>  1 file changed, 3 deletions(-)
>>>>>>
>>>>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>>>>> index a390cdd1a9..b46c4fd540 100644
>>>>>> --- a/package/systemd/systemd.mk
>>>>>> +++ b/package/systemd/systemd.mk
>>>>>> @@ -431,10 +431,7 @@ define SYSTEMD_USERS
>>>>>>         - - systemd-journal -1 * - - - Journal
>>>>>>         - - render -1 * - - - DRI rendering nodes
>>>>>>         - - kvm -1 * - - - kvm nodes
>>>>>> -       systemd-bus-proxy -1 systemd-bus-proxy -1 * - - - Proxy D-Bus
>>>>>> messages to/from a bus
>>>>>> -       systemd-journal-gateway -1 systemd-journal-gateway -1 *
>>>>>> /var/log/journal - - Journal Gateway
>>>>>>         systemd-journal-remote -1 systemd-journal-remote -1 *
>>>>>> /var/log/journal/remote - - Journal Remote
>>>>>> -       systemd-journal-upload -1 systemd-journal-upload -1 * - - -
>>>>>> Journal Upload
>>>>>>         $(SYSTEMD_COREDUMP_USER)
>>>>>>         $(SYSTEMD_NETWORKD_USER)
>>>>>>         $(SYSTEMD_RESOLVED_USER)
>>>>>> --
>>>>>> 2.24.1
>>>>>>
>>>>>> _______________________________________________
>>>>>> buildroot mailing list
>>>>>> buildroot at busybox.net
>>>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> [image: SMILE]  <http://www.smile.eu/>
>>>>>
>>>>> 20 rue des Jardins
>>>>> 92600 Asni?res-sur-Seine
>>>>> *J?r?my ROSEN*
>>>>> Architecte technique
>>>>>
>>>>> [image: email] jeremy.rosen at smile.fr
>>>>> [image: phone]  +33 6 88 25 87 42
>>>>> [image: url] http://www.smile.eu
>>>>>
>>>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>>>> <https://www.linkedin.com/company/smile> [image: Github]
>>>>> <https://github.com/Smile-SA>
>>>>>
>>>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>>>
>>>>
>>>
>>> --
>>> [image: SMILE]  <http://www.smile.eu/>
>>>
>>> 20 rue des Jardins
>>> 92600 Asni?res-sur-Seine
>>> *J?r?my ROSEN*
>>> Architecte technique
>>>
>>> [image: email] jeremy.rosen at smile.fr
>>> [image: phone]  +33 6 88 25 87 42
>>> [image: url] http://www.smile.eu
>>>
>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>> <https://www.linkedin.com/company/smile> [image: Github]
>>> <https://github.com/Smile-SA>
>>>
>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>
>>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/218cc83a/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Norbert Lange]

Am Fr., 7. Feb. 2020 um 14:07 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

>
>
> Le ven. 7 f?vr. 2020 ? 13:59, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>> mkuser creating users by default if a Bug IMHO, the only non-system users
>> are those
>>
> that are explicitly defined.
>>
>
> Agreed. I'm already working on that. Patch to follow soon
>
>
>> Did not know journald acts differently based on UIDs btw.
>>
>>
> It's linked to the "per-user journal" feature. That feature is only active
> for UID > 1000 (or wherever the system/human UID split is configured
> but 1000 is the recommanded default and what buildroot uses)
>
>  I posted a patch to allow creating system users, but that would require
> changing *every*
>
>> package adding users.
>> https://patchwork.ozlabs.org/patch/1222180/
>>
>> Ok, I missed that patch (and reimplemented it :( my bad)
> I'm in the process of changing every package, it's just a tedious grep
> work, but it needs to be done.
>

Well, I am glad if I dont have to do that with private patchwork one day,
no matter how we get there.

what about changing mkuser default -1 to system user, adding a new value
('-2' or 'u') for normal user?
That way you just need to patch the 1-2 spots where normal users are
generated.


>
>> Norbert
>>
>> Am Fr., 7. Feb. 2020 um 13:53 Uhr schrieb J?r?my ROSEN <
>> jeremy.rosen at smile.fr>:
>>
>>>
>>>
>>> Le ven. 7 f?vr. 2020 ? 13:47, Norbert Lange <nolange79@gmail.com> a
>>> ?crit :
>>>
>>>> Not sure if you meant to reply to patch #6 instead.
>>>>
>>>> maybe :P
>>>
>>>
>>>> The main reference is the README, and the templates in sysusers.d.
>>>> You want me to add this as comment in the .mk file if I understood
>>>> correctly?
>>>>
>>>> That's very minor... I meant pointing to the sysusers.d files so
>>> someone that doesn't know systemd as well can check that nothing has changed
>>>
>>>
>>>> Also I am not sure why those users/groups aren't already in the systemd
>>>> skeleton.
>>>>
>>>> That's a pretty good question. Also, since they are created by
>>> mkusers they have a UID > 1000 that confuses journald.
>>> (they get their own journal files, as if they were normal users, instead
>>> of being logged only in the system journals)
>>>
>>>
>>>> Should I post just an amended Patch #5 or wait a while to redo the
>>>> series once I got feedback for the rest?
>>>>
>>>> Wait for more feedback, that's too minor to have you respin just for
>>> that.
>>>
>>> Cheers
>>> Jeremy
>>>
>>>
>>>> Am Fr., 7. Feb. 2020 um 10:13 Uhr schrieb J?r?my ROSEN <
>>>> jeremy.rosen at smile.fr>:
>>>>
>>>>> could you add a line pointing to the corresponding file in
>>>>> systemd's source code (i.e the sysuser file from upstream)
>>>>> that would help future reviewers
>>>>>
>>>>> apart from that
>>>>>
>>>>> Reviewed-by: J?r?my Rosen <jeremy.rosen@smile.fr>
>>>>>
>>>>> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a
>>>>> ?crit :
>>>>>
>>>>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>>>>> ---
>>>>>>  package/systemd/systemd.mk | 4 +++-
>>>>>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>>>>> index b3e83b5d3b..b6bd85f130 100644
>>>>>> --- a/package/systemd/systemd.mk
>>>>>> +++ b/package/systemd/systemd.mk
>>>>>> @@ -428,10 +428,12 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>>>>>>  endef
>>>>>>
>>>>>>  define SYSTEMD_USERS
>>>>>> +       # udev user groups
>>>>>>         - - input -1 * - - - Input device group
>>>>>> -       - - systemd-journal -1 * - - - Journal
>>>>>>         - - render -1 * - - - DRI rendering nodes
>>>>>>         - - kvm -1 * - - - kvm nodes
>>>>>> +       # systemd user groups
>>>>>> +       - - systemd-journal -1 * - - - Journal
>>>>>>         $(SYSTEMD_REMOTE_USER)
>>>>>>         $(SYSTEMD_COREDUMP_USER)
>>>>>>         $(SYSTEMD_NETWORKD_USER)
>>>>>> --
>>>>>> 2.24.1
>>>>>>
>>>>>> _______________________________________________
>>>>>> buildroot mailing list
>>>>>> buildroot at busybox.net
>>>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> [image: SMILE]  <http://www.smile.eu/>
>>>>>
>>>>> 20 rue des Jardins
>>>>> 92600 Asni?res-sur-Seine
>>>>> *J?r?my ROSEN*
>>>>> Architecte technique
>>>>>
>>>>> [image: email] jeremy.rosen at smile.fr
>>>>> [image: phone]  +33 6 88 25 87 42
>>>>> [image: url] http://www.smile.eu
>>>>>
>>>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>>>> <https://www.linkedin.com/company/smile> [image: Github]
>>>>> <https://github.com/Smile-SA>
>>>>>
>>>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>>>
>>>>
>>>
>>> --
>>> [image: SMILE]  <http://www.smile.eu/>
>>>
>>> 20 rue des Jardins
>>> 92600 Asni?res-sur-Seine
>>> *J?r?my ROSEN*
>>> Architecte technique
>>>
>>> [image: email] jeremy.rosen at smile.fr
>>> [image: phone]  +33 6 88 25 87 42
>>> [image: url] http://www.smile.eu
>>>
>>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>>> <https://www.linkedin.com/company/smile> [image: Github]
>>> <https://github.com/Smile-SA>
>>>
>>> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
>>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>>
>>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/7ca5313f/attachment-0001.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Jérémy ROSEN]

Le ven. 7 f?vr. 2020 ? 14:11, Norbert Lange <nolange79@gmail.com> a ?crit :

>
>
>
> what about changing mkuser default -1 to system user, adding a new value
> ('-2' or 'u') for normal user?
> That way you just need to patch the 1-2 spots where normal users are
> generated.
>
>
There are no such spot that I could find at first glance in buildroot
itself, but that would break user packages...
so I don't think that's a good idea. It would fix more (harmless) bugs than
it would create, but the bugs
created would be more problematic than the bugs fixed....

-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/72c85b6f/attachment.html>

[Buildroot] [PATCH 05/10] package/systemd: cosmetic rearrange list of users

[Norbert Lange]

Define what you mean with break - chances are, its not worse than all of
packages suddenly creating system users.

I meant that the lists from BR2_ROOTFS_USERS_TABLES are handled special and
create normal users (uid >= 0),
while all packages (buildroot or user packages) create system users with
uid=-1.

new packages could use 's' and 'u' instead, with -1 being somewhat
ambiguous then (potentially being deprecated one day).

Am Fr., 7. Feb. 2020 um 14:23 Uhr schrieb J?r?my ROSEN <
jeremy.rosen@smile.fr>:

>
>
> Le ven. 7 f?vr. 2020 ? 14:11, Norbert Lange <nolange79@gmail.com> a
> ?crit :
>
>>
>>
>>
>> what about changing mkuser default -1 to system user, adding a new value
>> ('-2' or 'u') for normal user?
>> That way you just need to patch the 1-2 spots where normal users are
>> generated.
>>
>>
> There are no such spot that I could find at first glance in buildroot
> itself, but that would break user packages...
> so I don't think that's a good idea. It would fix more (harmless) bugs
> than it would create, but the bugs
> created would be more problematic than the bugs fixed....
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
> *J?r?my ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen at smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200207/d7c40351/attachment.html>

[Buildroot] [PATCH 01/10] package/systemd: move preset-all HOOK to fakeroot stage

[Jérémy ROSEN]

LGTM

Le jeu. 6 f?vr. 2020 ? 10:36, Norbert Lange <nolange79@gmail.com> a ?crit :

> User can drop in more systemd units or presets
> in an rootfs overlay, which will be copied over *after*
> the TARGET_FINALIZE_HOOKS are run.
>
> Instead, run preset-all afterwards from ROOTFS_PRE_CMD_HOOKS
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 6e31a14ac3..05b07cfd1b 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -490,7 +490,7 @@ endef
>  define SYSTEMD_PRESET_ALL
>         $(HOST_DIR)/bin/systemctl --root=$(TARGET_DIR) preset-all
>  endef
> -SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_PRESET_ALL
> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
>
>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200607/50da848b/attachment-0001.html>

[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution

[Jérémy ROSEN]

I don't have enough knowledge of nss, to vet this patch, but
adding nss-systemd in nsswitch by itself is a great idea

Le jeu. 6 f?vr. 2020 ? 10:36, Norbert Lange <nolange79@gmail.com> a ?crit :

> The feature DynamicUser creates users/groups without
> touching the /etc/{passwd,group} files on disk.
> Adding the dynamic resolver to /etc/nsswitch.conf
> ensures the Names are resolved consistently.
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 05b07cfd1b..a390cdd1a9 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
>         touch $(TARGET_DIR)/etc/machine-id
>  endef
>
> +define SYSTEMD_ADD_NSSCONFIG_HOOK
> +       grep >/dev/null '^passwd:.*systemd'
> $(TARGET_DIR)/etc/nsswitch.conf || \
> +               sed '/^passwd:/ s/$$/ systemd/'
> $(TARGET_DIR)/etc/nsswitch.conf
> +       grep >/dev/null '^group:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf
> || \
> +               sed '/^group:/ s/$$/ systemd/'
> $(TARGET_DIR)/etc/nsswitch.conf
> +endef
> +
>  SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
> +       SYSTEMD_ADD_NSSCONFIG_HOOK \
>         SYSTEMD_INSTALL_INIT_HOOK \
>         SYSTEMD_INSTALL_MACHINEID_HOOK \
>         SYSTEMD_INSTALL_RESOLVCONF_HOOK
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200607/7428896a/attachment.html>

[Buildroot] [PATCH 08/10] package/systemd: add hook to update journalctl catalogs

[Jérémy ROSEN]

LGTM

Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a ?crit :

> journald supports catalog files, or rather a binary database of
> those.
> This add a hook to create said database from the available
> catalog source files (which are not needed afterwards).
>
> One ugly workaround is or ensuring that PURGE_LOCALES is
> called before, we do this by adding this hook
> (will then run twice during the finalize target step).
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 6ea25e3363..8db3a1b117 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -500,6 +500,16 @@ define SYSTEMD_PRESET_ALL
>  endef
>  SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
>
> +define SYSTEMD_UPDATE_CATALOGS
> +       $(HOST_DIR)/bin/journalctl --root=$(TARGET_DIR) --update-catalog
> +endef
> +
> +# SYSTEMD_UPDATE_CATALOGS needs to run after PURGE_LOCALES
> +ifeq ($(BR2_ENABLE_LOCALE_PURGE),y)
> +SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
> +endif
> +SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
> +
>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>
> @@ -577,6 +587,7 @@ HOST_SYSTEMD_DEPENDENCIES = \
>  #   $(HOST_DIR)/lib
>  # * thus re-tweak rpath after the installation for all binaries that need
> it
>  HOST_SYSTEMD_HOST_TOOLS = \
> +       journalctl \
>         systemd-analyze \
>         systemd-mount \
>         systemctl \
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200607/7bbb23c0/attachment.html>

[Buildroot] [PATCH 10/10] package/systemd: invoke systemd-tmpfilesd on final image

[Jérémy ROSEN]

Awesome, LGTM

Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a ?crit :

> Especially for read-only filesystems it is helpfull to
> pre-create all folders for non-volatile paths.
>
> This needs to run under fakeroot to allow setting uids/gids/perms
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 4d6ff0be45..69e2e1bf41 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -518,6 +518,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
>  endif
>  SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
>
> +define SYSTEMD_CREATE_TMPFILES_HOOK
> +       $(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create
> --boot \
> +               $(addprefix --exclude-prefix=/,dev mnt proc run sys tmp)
> || :
> +endef
> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
> +
>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>
> @@ -559,7 +565,7 @@ HOST_SYSTEMD_CONF_OPTS = \
>         -Dvconsole=false \
>         -Dquotacheck=false \
>         -Dsysusers=false \
> -       -Dtmpfiles=false \
> +       -Dtmpfiles=true \
>         -Dimportd=false \
>         -Dhwdb=false \
>         -Drfkill=false \
> @@ -598,6 +604,7 @@ HOST_SYSTEMD_HOST_TOOLS = \
>         journalctl \
>         systemd-analyze \
>         systemd-mount \
> +       systemd-tmpfiles \
>         systemctl \
>         udevadm
>
> --
> 2.24.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200607/b4cd22bf/attachment.html>

[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution

[Yann E. MORIN]

Nrobert, All,

On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> The feature DynamicUser creates users/groups without
> touching the /etc/{passwd,group} files on disk.
> Adding the dynamic resolver to /etc/nsswitch.conf
> ensures the Names are resolved consistently.
> 
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 05b07cfd1b..a390cdd1a9 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
>  	touch $(TARGET_DIR)/etc/machine-id
>  endef
>  
> +define SYSTEMD_ADD_NSSCONFIG_HOOK
> +	grep >/dev/null '^passwd:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \

While this is valid sytx, we customarily put the redirection at the end
of the command.

However, in this case, you would want to use 'grep -q', as that does not
output anything.

> +		sed '/^passwd:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf

How can that even work? By default, sed will out put to stdout, not
replace in-place.

This clearly has not been tested (or git-commit --amend was forgotten).

In this case, you want to use $(SED) that includes the -i option to do
in-place modifications.

> +	grep >/dev/null '^group:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \

Ditto grep -q.

> +		sed '/^group:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf

Ditto $(SED).

Regards,
Yann E. MORIN.

> +endef
> +
>  SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
> +	SYSTEMD_ADD_NSSCONFIG_HOOK \
>  	SYSTEMD_INSTALL_INIT_HOOK \
>  	SYSTEMD_INSTALL_MACHINEID_HOOK \
>  	SYSTEMD_INSTALL_RESOLVCONF_HOOK
> -- 
> 2.24.1
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 01/10] package/systemd: move preset-all HOOK to fakeroot stage

[Yann E. MORIN]

J?r?my, All,

On 2020-06-07 13:09 +0200, J?r?my ROSEN spake thusly:
> LGTM

Could you reply with actual reviewd-by or acked-by tags, please?

    https://buildroot.org/downloads/manual/manual.html#_reviewing_and_testing_patches

In the meantime, I'll assume your 'LGTM' here and in other patches, means
you provided your Reviewed-by tag. Thanks! :-)

Regards,
Yann E. MORIN.

> Le?jeu. 6 f?vr. 2020 ??10:36, Norbert Lange < [1]nolange79@gmail.com> a ?crit?:
> 
>   User can drop in more systemd units or presets
>   in an rootfs overlay, which will be copied over *after*
>   the TARGET_FINALIZE_HOOKS are run.
> 
>   Instead, run preset-all afterwards from ROOTFS_PRE_CMD_HOOKS
> 
>   Signed-off-by: Norbert Lange < [2]nolange79@gmail.com>
>   ---
>   ?package/systemd/ [3]systemd.mk | 2 +-
>   ?1 file changed, 1 insertion(+), 1 deletion(-)
> 
>   diff --git a/package/systemd/ [4]systemd.mk b/package/systemd/ [5]systemd.mk
>   index 6e31a14ac3..05b07cfd1b 100644
>   --- a/package/systemd/ [6]systemd.mk
>   +++ b/package/systemd/ [7]systemd.mk
>   @@ -490,7 +490,7 @@ endef
>   ?define SYSTEMD_PRESET_ALL
>   ? ? ? ? $(HOST_DIR)/bin/systemctl --root=$(TARGET_DIR) preset-all
>   ?endef
>   -SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_PRESET_ALL
>   +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
> 
>   ?SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>   ?SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>   --
>   2.24.1
> 
>   _______________________________________________
>   buildroot mailing list
>   [8]buildroot at busybox.net
>   [9]http://lists.busybox.net/mailman/listinfo/buildroot
> 
> --
> 
> +-----------------------------------------------------------------------------------------------------------------------+
> |                               | J?r?my ROSEN                                                                |
> | [10]3D"SMILE"[11] ?      | Architecte technique                                                                  |
> |                               | [12]3D"email" ? [13]jeremy.rosen at smile.fr?                                  |
> | 20 rue des Jardins            | [14]3D"phone" ? +33 6 88 25 87 42?                                          |
> | 92600 Asni?res-sur-Seine | [15]3D"url" ? [16]http://www.smile.eu                                            |
> |                               | [17]3D"Twitter" ? [18]3D"Facebook" ? [19]3D"LinkedIn" ? [20]3D"Github" |
> +-----------------------------------------------------------------------------------------------------------------------+
> 
> [21]3D"D?couvrez
> 
> Links:
> 1. mailto:nolange79 at gmail.com
> 2. mailto:nolange79 at gmail.com
> 3. http://systemd.mk
> 4. http://systemd.mk
> 5. http://systemd.mk
> 6. http://systemd.mk
> 7. http://systemd.mk
> 8. mailto:buildroot at busybox.net
> 9. http://lists.busybox.net/mailman/listinfo/buildroot
> 10. http://www.smile.eu/
> 11. http://www.smile.eu/
> 12. Image: http://ftp.smile.fr/client/Communication/signature/img/mail.png
> 13. mailto:jeremy.rosen at smile.fr
> 14. Image: http://ftp.smile.fr/client/Communication/signature/img/phone.png
> 15. Image: http://ftp.smile.fr/client/Communication/signature/img/web.png
> 16. http://www.smile.eu/
> 17. https://twitter.com/GroupeSmile
> 18. https://www.facebook.com/smileopensource
> 19. https://www.linkedin.com/company/smile
> 20. https://github.com/Smile-SA
> 21. https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 01/10] package/systemd: move preset-all HOOK to fakeroot stage

[Yann E. MORIN]

Norbert, All,

On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> User can drop in more systemd units or presets
> in an rootfs overlay, which will be copied over *after*
> the TARGET_FINALIZE_HOOKS are run.
> 
> Instead, run preset-all afterwards from ROOTFS_PRE_CMD_HOOKS
> 
> Signed-off-by: Norbert Lange <nolange79@gmail.com>

Appied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/systemd/systemd.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 6e31a14ac3..05b07cfd1b 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -490,7 +490,7 @@ endef
>  define SYSTEMD_PRESET_ALL
>  	$(HOST_DIR)/bin/systemctl --root=$(TARGET_DIR) preset-all
>  endef
> -SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_PRESET_ALL
> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
>  
>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
> -- 
> 2.24.1
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 01/10] package/systemd: move preset-all HOOK to fakeroot stage

[Jérémy ROSEN]

My bad...
I mess up the etiquette of the various projects I follow,

thx for appying...

Le dim. 7 juin 2020 ? 13:46, Yann E. MORIN <yann.morin.1998@free.fr> a
?crit :

> J?r?my, All,
>
> On 2020-06-07 13:09 +0200, J?r?my ROSEN spake thusly:
> > LGTM
>
> Could you reply with actual reviewd-by or acked-by tags, please?
>
>
> https://buildroot.org/downloads/manual/manual.html#_reviewing_and_testing_patches
>
> In the meantime, I'll assume your 'LGTM' here and in other patches, means
> you provided your Reviewed-by tag. Thanks! :-)
>
> Regards,
> Yann E. MORIN.
>
> > Le jeu. 6 f?vr. 2020 ? 10:36, Norbert Lange < [1]nolange79@gmail.com> a
> ?crit :
> >
> >   User can drop in more systemd units or presets
> >   in an rootfs overlay, which will be copied over *after*
> >   the TARGET_FINALIZE_HOOKS are run.
> >
> >   Instead, run preset-all afterwards from ROOTFS_PRE_CMD_HOOKS
> >
> >   Signed-off-by: Norbert Lange < [2]nolange79@gmail.com>
> >   ---
> >    package/systemd/ [3]systemd.mk | 2 +-
> >    1 file changed, 1 insertion(+), 1 deletion(-)
> >
> >   diff --git a/package/systemd/ [4]systemd.mk b/package/systemd/ [5]
> systemd.mk
> >   index 6e31a14ac3..05b07cfd1b 100644
> >   --- a/package/systemd/ [6]systemd.mk
> >   +++ b/package/systemd/ [7]systemd.mk
> >   @@ -490,7 +490,7 @@ endef
> >    define SYSTEMD_PRESET_ALL
> >           $(HOST_DIR)/bin/systemctl --root=$(TARGET_DIR) preset-all
> >    endef
> >   -SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_PRESET_ALL
> >   +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
> >
> >    SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
> >    SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
> >   --
> >   2.24.1
> >
> >   _______________________________________________
> >   buildroot mailing list
> >   [8]buildroot at busybox.net
> >   [9]http://lists.busybox.net/mailman/listinfo/buildroot
> >
> > --
> >
> >
> +-----------------------------------------------------------------------------------------------------------------------+
> > |                               | J?r?my ROSEN
>                                       |
> > | [10]3D"SMILE"[11]        | Architecte technique
>                                           |
> > |                               | [12]3D"email"   [13]
> jeremy.rosen at smile.fr                                   |
> > | 20 rue des Jardins            | [14]3D"phone"   +33 6 88 25 87 42
>                                       |
> > | 92600 Asni?res-sur-Seine | [15]3D"url"   [16]http://www.smile.eu
>                                       |
> > |                               | [17]3D"Twitter"   [18]3D"Facebook"
> [19]3D"LinkedIn"   [20]3D"Github" |
> >
> +-----------------------------------------------------------------------------------------------------------------------+
> >
> > [21]3D"D?couvrez
> >
> > Links:
> > 1. mailto:nolange79 at gmail.com
> > 2. mailto:nolange79 at gmail.com
> > 3. http://systemd.mk
> > 4. http://systemd.mk
> > 5. http://systemd.mk
> > 6. http://systemd.mk
> > 7. http://systemd.mk
> > 8. mailto:buildroot at busybox.net
> > 9. http://lists.busybox.net/mailman/listinfo/buildroot
> > 10. http://www.smile.eu/
> > 11. http://www.smile.eu/
> > 12. Image:
> http://ftp.smile.fr/client/Communication/signature/img/mail.png
> > 13. mailto:jeremy.rosen at smile.fr
> > 14. Image:
> http://ftp.smile.fr/client/Communication/signature/img/phone.png
> > 15. Image:
> http://ftp.smile.fr/client/Communication/signature/img/web.png
> > 16. http://www.smile.eu/
> > 17. https://twitter.com/GroupeSmile
> > 18. https://www.facebook.com/smileopensource
> > 19. https://www.linkedin.com/company/smile
> > 20. https://github.com/Smile-SA
> > 21.
> https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature
>
> --
>
> .-----------------.--------------------.------------------.--------------------.
> |  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics'
> conspiracy: |
> | +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___
>      |
> | +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is
> no  |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v
>  conspiracy.  |
>
> '------------------------------^-------^------------------^--------------------'
>


-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200607/4291b873/attachment.html>

[Buildroot] [PATCH 08/10] package/systemd: add hook to update journalctl catalogs

[Yann E. MORIN]

Norbert, All,

On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> journald supports catalog files, or rather a binary database of
> those.
> This add a hook to create said database from the available
> catalog source files (which are not needed afterwards).
> 
> One ugly workaround is or ensuring that PURGE_LOCALES is
> called before, we do this by adding this hook
> (will then run twice during the finalize target step).
> 
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index 6ea25e3363..8db3a1b117 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -500,6 +500,16 @@ define SYSTEMD_PRESET_ALL
>  endef
>  SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
>  
> +define SYSTEMD_UPDATE_CATALOGS
> +	$(HOST_DIR)/bin/journalctl --root=$(TARGET_DIR) --update-catalog
> +endef
> +
> +# SYSTEMD_UPDATE_CATALOGS needs to run after PURGE_LOCALES
> +ifeq ($(BR2_ENABLE_LOCALE_PURGE),y)
> +SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
> +endif
> +SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
> +
>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>  
> @@ -577,6 +587,7 @@ HOST_SYSTEMD_DEPENDENCIES = \
>  #   $(HOST_DIR)/lib
>  # * thus re-tweak rpath after the installation for all binaries that need it
>  HOST_SYSTEMD_HOST_TOOLS = \
> +	journalctl \

Why are you adding journalctl to this list?

This list is only used to fix the RPATH in the prgrams. If the programs
do not need the RPATH, we don;t need to fix them up.

This list is not about identifying the host tools we are using (indeed,
most entries in that list are not used at all).

If however, you foudn a case where journalctl needs an RPATH entry,
then:
  - explain why: identify the libraries involved, and add explicit
    dependencies on the packages providign those libraries,
  - send that change in a separate patch.

Regards,
Yann E. MORIN.

>  	systemd-analyze \
>  	systemd-mount \
>  	systemctl \
> -- 
> 2.24.1
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 10/10] package/systemd: invoke systemd-tmpfilesd on final image

[Norbert Lange]

Am So., 7. Juni 2020 um 13:15 Uhr schrieb J?r?my ROSEN <jeremy.rosen@smile.fr>:
>
> Awesome, LGTM
>
> Le jeu. 6 f?vr. 2020 ? 10:37, Norbert Lange <nolange79@gmail.com> a ?crit :
>>
>> Especially for read-only filesystems it is helpfull to
>> pre-create all folders for non-volatile paths.
>>
>> This needs to run under fakeroot to allow setting uids/gids/perms
>>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> ---
>>  package/systemd/systemd.mk | 9 ++++++++-
>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>> index 4d6ff0be45..69e2e1bf41 100644
>> --- a/package/systemd/systemd.mk
>> +++ b/package/systemd/systemd.mk
>> @@ -518,6 +518,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
>>  endif
>>  SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
>>
>> +define SYSTEMD_CREATE_TMPFILES_HOOK
>> +       $(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create --boot \
>> +               $(addprefix --exclude-prefix=/,dev mnt proc run sys tmp) || :
>> +endef
>> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
>> +
>>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>>
>> @@ -559,7 +565,7 @@ HOST_SYSTEMD_CONF_OPTS = \
>>         -Dvconsole=false \
>>         -Dquotacheck=false \
>>         -Dsysusers=false \
>> -       -Dtmpfiles=false \
>> +       -Dtmpfiles=true \
>>         -Dimportd=false \
>>         -Dhwdb=false \
>>         -Drfkill=false \
>> @@ -598,6 +604,7 @@ HOST_SYSTEMD_HOST_TOOLS = \
>>         journalctl \
>>         systemd-analyze \
>>         systemd-mount \
>> +       systemd-tmpfiles \
>>         systemctl \
>>         udevadm
>>
>> --
>> 2.24.1
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>
>
>
> --
>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
>
> J?r?my ROSEN
> Architecte technique
>
>  jeremy.rosen at smile.fr
>   +33 6 88 25 87 42
>  http://www.smile.eu
>
>
>

Well, not entirely good, it currently still needs a systemd patch
(upstream commit) to work correctly, which I haven't posted on the ML.
(waited for some feedback before respinning)

Norbert

[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution

[Norbert Lange]

Am So., 7. Juni 2020 um 13:40 Uhr schrieb Yann E. MORIN
<yann.morin.1998@free.fr>:
>
> Nrobert, All,
>
> On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> > The feature DynamicUser creates users/groups without
> > touching the /etc/{passwd,group} files on disk.
> > Adding the dynamic resolver to /etc/nsswitch.conf
> > ensures the Names are resolved consistently.
> >
> > Signed-off-by: Norbert Lange <nolange79@gmail.com>
> > ---
> >  package/systemd/systemd.mk | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> >
> > diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> > index 05b07cfd1b..a390cdd1a9 100644
> > --- a/package/systemd/systemd.mk
> > +++ b/package/systemd/systemd.mk
> > @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
> >       touch $(TARGET_DIR)/etc/machine-id
> >  endef
> >
> > +define SYSTEMD_ADD_NSSCONFIG_HOOK
> > +     grep >/dev/null '^passwd:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \
>
> While this is valid sytx, we customarily put the redirection at the end
> of the command.
>
> However, in this case, you would want to use 'grep -q', as that does not
> output anything.

I will do if thats preferred, but I usually redirect because

"Portable shell scripts should avoid both -q and -s and should
redirect standard and error output to /dev/null instead."
(https://www.gnu.org/software/grep/manual/html_node/General-Output-Control.html)

>
> > +             sed '/^passwd:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf
>
> How can that even work? By default, sed will out put to stdout, not
> replace in-place.

Excellent point.

>
> This clearly has not been tested (or git-commit --amend was forgotten).

It's tested in a way, that I have the resulting file in the rootfs overlay ;)

>
> In this case, you want to use $(SED) that includes the -i option to do
> in-place modifications.
>
> > +     grep >/dev/null '^group:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \
>
> Ditto grep -q.
>
> > +             sed '/^group:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf
>
> Ditto $(SED).
>
> Regards,
> Yann E. MORIN.
>
> > +endef
> > +
> >  SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
> > +     SYSTEMD_ADD_NSSCONFIG_HOOK \
> >       SYSTEMD_INSTALL_INIT_HOOK \
> >       SYSTEMD_INSTALL_MACHINEID_HOOK \
> >       SYSTEMD_INSTALL_RESOLVCONF_HOOK
> > --
> > 2.24.1
> >
>
> --
> .-----------------.--------------------.------------------.--------------------.
> |  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
> | +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
> '------------------------------^-------^------------------^--------------------'

Come to think of it, systemd comes with 4 or so nss plugins, maybe
it's a better approach
to have a fully featured nsswitch.conf in the skeleton and then cut
out the plugins that are NOT built?
Or use the one from systemd (source: factory/etc/nsswitch.conf), after
a sed 's,compat,files,g'



Norbert

[Buildroot] [PATCH 08/10] package/systemd: add hook to update journalctl catalogs

[Norbert Lange]

Am So., 7. Juni 2020 um 17:57 Uhr schrieb Yann E. MORIN
<yann.morin.1998@free.fr>:
>
> Norbert, All,
>
> On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> > journald supports catalog files, or rather a binary database of
> > those.
> > This add a hook to create said database from the available
> > catalog source files (which are not needed afterwards).
> >
> > One ugly workaround is or ensuring that PURGE_LOCALES is
> > called before, we do this by adding this hook
> > (will then run twice during the finalize target step).
> >
> > Signed-off-by: Norbert Lange <nolange79@gmail.com>
> > ---
> >  package/systemd/systemd.mk | 11 +++++++++++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> > index 6ea25e3363..8db3a1b117 100644
> > --- a/package/systemd/systemd.mk
> > +++ b/package/systemd/systemd.mk
> > @@ -500,6 +500,16 @@ define SYSTEMD_PRESET_ALL
> >  endef
> >  SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_PRESET_ALL
> >
> > +define SYSTEMD_UPDATE_CATALOGS
> > +     $(HOST_DIR)/bin/journalctl --root=$(TARGET_DIR) --update-catalog
> > +endef
> > +
> > +# SYSTEMD_UPDATE_CATALOGS needs to run after PURGE_LOCALES
> > +ifeq ($(BR2_ENABLE_LOCALE_PURGE),y)
> > +SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
> > +endif
> > +SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
> > +
> >  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
> >  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
> >
> > @@ -577,6 +587,7 @@ HOST_SYSTEMD_DEPENDENCIES = \
> >  #   $(HOST_DIR)/lib
> >  # * thus re-tweak rpath after the installation for all binaries that need it
> >  HOST_SYSTEMD_HOST_TOOLS = \
> > +     journalctl \
>
> Why are you adding journalctl to this list?

Been some months or a year, can only speculate, might be that I
originally had to enable building this tool aswell (before rebases).

>
> This list is only used to fix the RPATH in the prgrams. If the programs
> do not need the RPATH, we don;t need to fix them up.
>
> This list is not about identifying the host tools we are using (indeed,
> most entries in that list are not used at all).
>
> If however, you foudn a case where journalctl needs an RPATH entry,
> then:
>   - explain why: identify the libraries involved, and add explicit
>     dependencies on the packages providign those libraries,
>   - send that change in a separate patch.

Ok. I believe most if not all of systemd's tools depend on
libsystemd-*-245.so. If that's the case then a regex might be easier?

% for s in system* journa*; do readelf -d $s | grep -q
libsystemd-shared-245.so && echo $s; done
systemd-analyze
systemd-ask-password
systemd-cat
systemd-cgls
systemd-cgtop
systemd-delta
systemd-detect-virt
systemd-escape
systemd-id128
systemd-machine-id-setup
systemd-mount
systemd-notify
systemd-nspawn
systemd-path
systemd-run
systemd-socket-activate
systemd-stdio-bridge
systemd-tmpfiles
systemd-tty-ask-password-agent
systemd-umount
journalctl


Norbert

[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution

[Jérémy ROSEN]

Le dim. 7 juin 2020 ? 21:35, Norbert Lange <nolange79@gmail.com> a ?crit :

> Am So., 7. Juni 2020 um 13:40 Uhr schrieb Yann E. MORIN
> <yann.morin.1998@free.fr>:
> >
> > Nrobert, All,
> >
> > On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
> > > The feature DynamicUser creates users/groups without
> > > touching the /etc/{passwd,group} files on disk.
> > > Adding the dynamic resolver to /etc/nsswitch.conf
> > > ensures the Names are resolved consistently.
> > >
> > > Signed-off-by: Norbert Lange <nolange79@gmail.com>
> > > ---
> > >  package/systemd/systemd.mk | 8 ++++++++
> > >  1 file changed, 8 insertions(+)
> > >
> > > diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> > > index 05b07cfd1b..a390cdd1a9 100644
> > > --- a/package/systemd/systemd.mk
> > > +++ b/package/systemd/systemd.mk
> > > @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
> > >       touch $(TARGET_DIR)/etc/machine-id
> > >  endef
> > >
> > > +define SYSTEMD_ADD_NSSCONFIG_HOOK
> > > +     grep >/dev/null '^passwd:.*systemd'
> $(TARGET_DIR)/etc/nsswitch.conf || \
> >
> > While this is valid sytx, we customarily put the redirection at the end
> > of the command.
> >
> > However, in this case, you would want to use 'grep -q', as that does not
> > output anything.
>
> I will do if thats preferred, but I usually redirect because
>
> "Portable shell scripts should avoid both -q and -s and should
> redirect standard and error output to /dev/null instead."
> (
> https://www.gnu.org/software/grep/manual/html_node/General-Output-Control.html
> )
>
> >
> > > +             sed '/^passwd:/ s/$$/ systemd/'
> $(TARGET_DIR)/etc/nsswitch.conf
> >
> > How can that even work? By default, sed will out put to stdout, not
> > replace in-place.
>
> Excellent point.
>
> >
> > This clearly has not been tested (or git-commit --amend was forgotten).
>
> It's tested in a way, that I have the resulting file in the rootfs overlay
> ;)
>
> >
> > In this case, you want to use $(SED) that includes the -i option to do
> > in-place modifications.
> >
> > > +     grep >/dev/null '^group:.*systemd'
> $(TARGET_DIR)/etc/nsswitch.conf || \
> >
> > Ditto grep -q.
> >
> > > +             sed '/^group:/ s/$$/ systemd/'
> $(TARGET_DIR)/etc/nsswitch.conf
> >
> > Ditto $(SED).
> >
> > Regards,
> > Yann E. MORIN.
> >
> > > +endef
> > > +
> > >  SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
> > > +     SYSTEMD_ADD_NSSCONFIG_HOOK \
> > >       SYSTEMD_INSTALL_INIT_HOOK \
> > >       SYSTEMD_INSTALL_MACHINEID_HOOK \
> > >       SYSTEMD_INSTALL_RESOLVCONF_HOOK
> > > --
> > > 2.24.1
> > >
> >
> > --
> >
> .-----------------.--------------------.------------------.--------------------.
> > |  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics'
> conspiracy: |
> > | +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___
>        |
> > | +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There
> is no  |
> > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v
>  conspiracy.  |
> >
> '------------------------------^-------^------------------^--------------------'
>
> Come to think of it, systemd comes with 4 or so nss plugins, maybe
> it's a better approach
> to have a fully featured nsswitch.conf in the skeleton and then cut
> out the plugins that are NOT built?
> Or use the one from systemd (source: factory/etc/nsswitch.conf), after
> a sed 's,compat,files,g'
>
>
>
> Norbert
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>

For the record : systemd's upstream nsswitch.conf

# This file is part of systemd.

passwd:         compat mymachines systemd
group:          compat mymachines systemd
shadow:         compat

hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


* mymachines add resolution for local (machinectl compatible) containers.
   It also resolves UID/GID assigned to said-containers
* systemd adds UID/GID resolution for DynamicUser
  DynamicUser allows a service to run with a dynamically determined UID,
  thus simplifying configuration (no need for a line in /etc/passwd)

so independently of "how" I think it makes sense to always enable
nss-systemd
and enable mymachines when systemd-nspawn is compiled in.

-- 
[image: SMILE]  <http://www.smile.eu/>

20 rue des Jardins
92600 Asni?res-sur-Seine
*J?r?my ROSEN*
Architecte technique

[image: email] jeremy.rosen at smile.fr
[image: phone]  +33 6 88 25 87 42
[image: url] http://www.smile.eu

[image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
<https://www.facebook.com/smileopensource> [image: LinkedIn]
<https://www.linkedin.com/company/smile> [image: Github]
<https://github.com/Smile-SA>

[image: D?couvrez l?univers Smile, rendez-vous sur smile.eu]
<https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200608/eb84b6c0/attachment.html>

[Buildroot] [PATCH 02/10] package/systemd: add libnss-systemd to name resolution

[Norbert Lange]

Am Mo., 8. Juni 2020 um 12:09 Uhr schrieb J?r?my ROSEN <jeremy.rosen@smile.fr>:
>
>
>
> Le dim. 7 juin 2020 ? 21:35, Norbert Lange <nolange79@gmail.com> a ?crit :
>>
>> Am So., 7. Juni 2020 um 13:40 Uhr schrieb Yann E. MORIN
>> <yann.morin.1998@free.fr>:
>> >
>> > Nrobert, All,
>> >
>> > On 2020-02-06 10:36 +0100, Norbert Lange spake thusly:
>> > > The feature DynamicUser creates users/groups without
>> > > touching the /etc/{passwd,group} files on disk.
>> > > Adding the dynamic resolver to /etc/nsswitch.conf
>> > > ensures the Names are resolved consistently.
>> > >
>> > > Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> > > ---
>> > >  package/systemd/systemd.mk | 8 ++++++++
>> > >  1 file changed, 8 insertions(+)
>> > >
>> > > diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>> > > index 05b07cfd1b..a390cdd1a9 100644
>> > > --- a/package/systemd/systemd.mk
>> > > +++ b/package/systemd/systemd.mk
>> > > @@ -409,7 +409,15 @@ define SYSTEMD_INSTALL_MACHINEID_HOOK
>> > >       touch $(TARGET_DIR)/etc/machine-id
>> > >  endef
>> > >
>> > > +define SYSTEMD_ADD_NSSCONFIG_HOOK
>> > > +     grep >/dev/null '^passwd:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \
>> >
>> > While this is valid sytx, we customarily put the redirection at the end
>> > of the command.
>> >
>> > However, in this case, you would want to use 'grep -q', as that does not
>> > output anything.
>>
>> I will do if thats preferred, but I usually redirect because
>>
>> "Portable shell scripts should avoid both -q and -s and should
>> redirect standard and error output to /dev/null instead."
>> (https://www.gnu.org/software/grep/manual/html_node/General-Output-Control.html)
>>
>> >
>> > > +             sed '/^passwd:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf
>> >
>> > How can that even work? By default, sed will out put to stdout, not
>> > replace in-place.
>>
>> Excellent point.
>>
>> >
>> > This clearly has not been tested (or git-commit --amend was forgotten).
>>
>> It's tested in a way, that I have the resulting file in the rootfs overlay ;)
>>
>> >
>> > In this case, you want to use $(SED) that includes the -i option to do
>> > in-place modifications.
>> >
>> > > +     grep >/dev/null '^group:.*systemd' $(TARGET_DIR)/etc/nsswitch.conf || \
>> >
>> > Ditto grep -q.
>> >
>> > > +             sed '/^group:/ s/$$/ systemd/' $(TARGET_DIR)/etc/nsswitch.conf
>> >
>> > Ditto $(SED).
>> >
>> > Regards,
>> > Yann E. MORIN.
>> >
>> > > +endef
>> > > +
>> > >  SYSTEMD_POST_INSTALL_TARGET_HOOKS += \
>> > > +     SYSTEMD_ADD_NSSCONFIG_HOOK \
>> > >       SYSTEMD_INSTALL_INIT_HOOK \
>> > >       SYSTEMD_INSTALL_MACHINEID_HOOK \
>> > >       SYSTEMD_INSTALL_RESOLVCONF_HOOK
>> > > --
>> > > 2.24.1
>> > >
>> >
>> > --
>> > .-----------------.--------------------.------------------.--------------------.
>> > |  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
>> > | +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
>> > | +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
>> > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
>> > '------------------------------^-------^------------------^--------------------'
>>
>> Come to think of it, systemd comes with 4 or so nss plugins, maybe
>> it's a better approach
>> to have a fully featured nsswitch.conf in the skeleton and then cut
>> out the plugins that are NOT built?
>> Or use the one from systemd (source: factory/etc/nsswitch.conf), after
>> a sed 's,compat,files,g'
>>
>>
>>
>> Norbert
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>
>
> For the record : systemd's upstream nsswitch.conf
>
> # This file is part of systemd.
>
> passwd:         compat mymachines systemd
> group:          compat mymachines systemd
> shadow:         compat
>
> hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
>
> * mymachines add resolution for local (machinectl compatible) containers.
>    It also resolves UID/GID assigned to said-containers
> * systemd adds UID/GID resolution for DynamicUser
>   DynamicUser allows a service to run with a dynamically determined UID,
>   thus simplifying configuration (no need for a line in /etc/passwd)
>
> so independently of "how" I think it makes sense to always enable nss-systemd
> and enable mymachines when systemd-nspawn is compiled in.

Actually I would consider the rootfs broken if no nss-systemd is used,
some services that ship with systemd use this feature and might behave odd.

I havent re-rolled the entire series, but I changed the code to enable systemd,
myhostname and resolve. mymachines is a bit tricky with the placement
in the middle.
(thats why I would prefer using a "full-featured" and just removing
the non-existent ones, doesn't need a check to prevent adding multiple
times either)


>
> --
>
>
> 20 rue des Jardins
> 92600 Asni?res-sur-Seine
>
> J?r?my ROSEN
> Architecte technique
>
>  jeremy.rosen at smile.fr
>   +33 6 88 25 87 42
>  http://www.smile.eu
>
>
>