user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Zoltan Boszormenyi]

Hi,

I have a special package that creates users and groups
via inherit useradd. This package doesn't depend on any
others but it is depended on, both via DEPENDS and RDEPENDS
by packages using those users/groups in their do_install
scripts.

This works for packaging becase these ownerships
are encoded in the packages, confirmed by rpm -qp --dump ...

However, during do_rootfs, a couple of
"user/group XXX does not exist, using root"
messages appear for the packages depending on others
creating these users/groups.

log.do_rootfs shows that the package installation ordering
does not follow RDEPENDS. Instead, it's practically an
alphabetical order when running dnf.

This doesn't just involve my custom packages, but also clamav
plus another one in which I ship a small limited set of
virus signatures, also chown'd to clamav and with RDEPENDS
on clamav.

What is the correct solution to this?

Thanks in advance,
Zoltán Böszörményi

Re: user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Khem Raj]

On 9/24/21 7:02 AM, Böszörményi Zoltán wrote:
> Hi,
> 
> I have a special package that creates users and groups
> via inherit useradd. This package doesn't depend on any
> others but it is depended on, both via DEPENDS and RDEPENDS
> by packages using those users/groups in their do_install
> scripts.
> 
> This works for packaging becase these ownerships
> are encoded in the packages, confirmed by rpm -qp --dump ...
> 
> However, during do_rootfs, a couple of
> "user/group XXX does not exist, using root"
> messages appear for the packages depending on others
> creating these users/groups.
> 
> log.do_rootfs shows that the package installation ordering
> does not follow RDEPENDS. Instead, it's practically an
> alphabetical order when running dnf.
> 
> This doesn't just involve my custom packages, but also clamav
> plus another one in which I ship a small limited set of
> virus signatures, also chown'd to clamav and with RDEPENDS
> on clamav.
> 
> What is the correct solution to this?

You can define it via conf metadata e.g.

INHERIT += "extrausers"


EXTRA_USERS_PARAMS += "\
     useradd foo; \
     usermod -p 'XXXX' foo; \
     usermod -a -G adm foo; \
     usermod -a -G video foo; \
     usermod -a -G audio foo; \
     usermod -a -G systemd-journal foo; \
"


> 
> Thanks in advance,
> Zoltán Böszörményi

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Zoltan Boszormenyi]

On 2021. 09. 24. 18:22, Khem Raj wrote:
> 
> 
> On 9/24/21 7:02 AM, Böszörményi Zoltán wrote:
>> Hi,
>>
>> I have a special package that creates users and groups
>> via inherit useradd. This package doesn't depend on any
>> others but it is depended on, both via DEPENDS and RDEPENDS
>> by packages using those users/groups in their do_install
>> scripts.
>>
>> This works for packaging becase these ownerships
>> are encoded in the packages, confirmed by rpm -qp --dump ...
>>
>> However, during do_rootfs, a couple of
>> "user/group XXX does not exist, using root"
>> messages appear for the packages depending on others
>> creating these users/groups.
>>
>> log.do_rootfs shows that the package installation ordering
>> does not follow RDEPENDS. Instead, it's practically an
>> alphabetical order when running dnf.
>>
>> This doesn't just involve my custom packages, but also clamav
>> plus another one in which I ship a small limited set of
>> virus signatures, also chown'd to clamav and with RDEPENDS
>> on clamav.
>>
>> What is the correct solution to this?
> 
> You can define it via conf metadata e.g.
> 
> INHERIT += "extrausers"
> 
> 
> EXTRA_USERS_PARAMS += "\
>      useradd foo; \
>      usermod -p 'XXXX' foo; \
>      usermod -a -G adm foo; \
>      usermod -a -G video foo; \
>      usermod -a -G audio foo; \
>      usermod -a -G systemd-journal foo; \
> "

Thanks, I will try it.
You mean local.conf or layer.conf?

> 
> 
>>
>> Thanks in advance,
>> Zoltán Böszörményi
> 
> 
> 
> 

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Khem Raj]

On Fri, Sep 24, 2021 at 9:36 AM Böszörményi Zoltán <zboszor@pr.hu> wrote:
>
> On 2021. 09. 24. 18:22, Khem Raj wrote:
> >
> >
> > On 9/24/21 7:02 AM, Böszörményi Zoltán wrote:
> >> Hi,
> >>
> >> I have a special package that creates users and groups
> >> via inherit useradd. This package doesn't depend on any
> >> others but it is depended on, both via DEPENDS and RDEPENDS
> >> by packages using those users/groups in their do_install
> >> scripts.
> >>
> >> This works for packaging becase these ownerships
> >> are encoded in the packages, confirmed by rpm -qp --dump ...
> >>
> >> However, during do_rootfs, a couple of
> >> "user/group XXX does not exist, using root"
> >> messages appear for the packages depending on others
> >> creating these users/groups.
> >>
> >> log.do_rootfs shows that the package installation ordering
> >> does not follow RDEPENDS. Instead, it's practically an
> >> alphabetical order when running dnf.
> >>
> >> This doesn't just involve my custom packages, but also clamav
> >> plus another one in which I ship a small limited set of
> >> virus signatures, also chown'd to clamav and with RDEPENDS
> >> on clamav.
> >>
> >> What is the correct solution to this?
> >
> > You can define it via conf metadata e.g.
> >
> > INHERIT += "extrausers"
> >
> >
> > EXTRA_USERS_PARAMS += "\
> >      useradd foo; \
> >      usermod -p 'XXXX' foo; \
> >      usermod -a -G adm foo; \
> >      usermod -a -G video foo; \
> >      usermod -a -G audio foo; \
> >      usermod -a -G systemd-journal foo; \
> > "
>
> Thanks, I will try it.
> You mean local.conf or layer.conf?

local.conf or site.conf or your distro conf anyone is ok
>
> >
> >
> >>
> >> Thanks in advance,
> >> Zoltán Böszörményi
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#156334): https://lists.openembedded.org/g/openembedded-core/message/156334
> > Mute This Topic: https://lists.openembedded.org/mt/85839631/3617728
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [zboszor@pr.hu]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Mark Hatle]

On 9/24/21 9:02 AM, Zoltan Boszormenyi via lists.openembedded.org wrote:
> Hi,
> 
> I have a special package that creates users and groups
> via inherit useradd. This package doesn't depend on any
> others but it is depended on, both via DEPENDS and RDEPENDS
> by packages using those users/groups in their do_install
> scripts.
> 
> This works for packaging becase these ownerships
> are encoded in the packages, confirmed by rpm -qp --dump ...

Does it show the useradd in the _PREINSTALL_ (you can use --scriptlets in the
rpm -qp)?

> However, during do_rootfs, a couple of
> "user/group XXX does not exist, using root"
> messages appear for the packages depending on others
> creating these users/groups.

Do the using packages contain RDEPENDS on the package that adds the user/group
to the system?

> log.do_rootfs shows that the package installation ordering
> does not follow RDEPENDS. Instead, it's practically an
> alphabetical order when running dnf.
> 
> This doesn't just involve my custom packages, but also clamav
> plus another one in which I ship a small limited set of
> virus signatures, also chown'd to clamav and with RDEPENDS
> on clamav.
> 
> What is the correct solution to this?

Typically the combination of the pre-install scriptlet, along with RDEPENDS will
ensure that the user has been added before the install completes.

--Mark

> Thanks in advance,
> Zoltán Böszörményi
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#156296): https://lists.openembedded.org/g/openembedded-core/message/156296
> Mute This Topic: https://lists.openembedded.org/mt/85839631/3616948
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mark.hatle@kernel.crashing.org]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Zoltan Boszormenyi]

On 2021. 09. 24. 19:17, Mark Hatle wrote:
> 
> 
> On 9/24/21 9:02 AM, Zoltan Boszormenyi via lists.openembedded.org wrote:
>> Hi,
>>
>> I have a special package that creates users and groups
>> via inherit useradd. This package doesn't depend on any
>> others but it is depended on, both via DEPENDS and RDEPENDS
>> by packages using those users/groups in their do_install
>> scripts.
>>
>> This works for packaging becase these ownerships
>> are encoded in the packages, confirmed by rpm -qp --dump ...
> 
> Does it show the useradd in the _PREINSTALL_ (you can use --scriptlets in the
> rpm -qp)?

For the package that adds the users, yes.

> 
>> However, during do_rootfs, a couple of
>> "user/group XXX does not exist, using root"
>> messages appear for the packages depending on others
>> creating these users/groups.
> 
> Do the using packages contain RDEPENDS on the package that adds the user/group
> to the system?

My bad. One of my custom packages did not and the
warnings were printed by that single package.

On the other hand, clamav-freshclam (both in meta-security
and my layer where I forked an older version of the recipe)
do not have an RDEPENDS on clamav. Instead, it's the other
way around.

There the problem is that clamav-freshclam is shipping
/var/lib/clamav that should be owned by clamav:clamav.
meta-security works this around badly by using chown in its
pkg_postinst which is NOT marked as "ontarget" so if clamav
is included in an image, then that chown doesn't take effect
and e.g. freshclamd (running under the clamav user) cannot
populate /var/lib/clamav with the current virus database.

> 
>> log.do_rootfs shows that the package installation ordering
>> does not follow RDEPENDS. Instead, it's practically an
>> alphabetical order when running dnf.
>>
>> This doesn't just involve my custom packages, but also clamav
>> plus another one in which I ship a small limited set of
>> virus signatures, also chown'd to clamav and with RDEPENDS
>> on clamav.
>>
>> What is the correct solution to this?
> 
> Typically the combination of the pre-install scriptlet, along with RDEPENDS will
> ensure that the user has been added before the install completes.
> 
> --Mark
> 
>> Thanks in advance,
>> Zoltán Böszörményi
>>
>>
>>
>>
>>
>>
>>
>> 
>>

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Richard Purdie]

On Sat, 2021-09-25 at 10:48 +0200, Zoltan Boszormenyi via lists.openembedded.org
wrote:
> On 2021. 09. 24. 19:17, Mark Hatle wrote:
> > 
> > 
> > On 9/24/21 9:02 AM, Zoltan Boszormenyi via lists.openembedded.org wrote:
> > > Hi,
> > > 
> > > I have a special package that creates users and groups
> > > via inherit useradd. This package doesn't depend on any
> > > others but it is depended on, both via DEPENDS and RDEPENDS
> > > by packages using those users/groups in their do_install
> > > scripts.
> > > 
> > > This works for packaging becase these ownerships
> > > are encoded in the packages, confirmed by rpm -qp --dump ...
> > 
> > Does it show the useradd in the _PREINSTALL_ (you can use --scriptlets in the
> > rpm -qp)?
> 
> For the package that adds the users, yes.
> 
> > 
> > > However, during do_rootfs, a couple of
> > > "user/group XXX does not exist, using root"
> > > messages appear for the packages depending on others
> > > creating these users/groups.
> > 
> > Do the using packages contain RDEPENDS on the package that adds the user/group
> > to the system?
> 
> My bad. One of my custom packages did not and the
> warnings were printed by that single package.
> 
> On the other hand, clamav-freshclam (both in meta-security
> and my layer where I forked an older version of the recipe)
> do not have an RDEPENDS on clamav. Instead, it's the other
> way around.
> 
> There the problem is that clamav-freshclam is shipping
> /var/lib/clamav that should be owned by clamav:clamav.
> meta-security works this around badly by using chown in its
> pkg_postinst which is NOT marked as "ontarget" so if clamav
> is included in an image, then that chown doesn't take effect
> and e.g. freshclamd (running under the clamav user) cannot
> populate /var/lib/clamav with the current virus database.
> 
> 

That sounds like a bug in clamav-freshclam which needs a dependency adding?

Cheers,

Richard

Re: [OE-core] user/group XXX does not exist, using root with RPM/DNF packaging in Hardknott and Honister

[Böszörményi Zoltán]

On 2021. 09. 25. 11:18, Richard Purdie wrote:
> On Sat, 2021-09-25 at 10:48 +0200, Zoltan Boszormenyi via lists.openembedded.org
> wrote:
>> On 2021. 09. 24. 19:17, Mark Hatle wrote:
>>>
>>>
>>> On 9/24/21 9:02 AM, Zoltan Boszormenyi via lists.openembedded.org wrote:
>>>> Hi,
>>>>
>>>> I have a special package that creates users and groups
>>>> via inherit useradd. This package doesn't depend on any
>>>> others but it is depended on, both via DEPENDS and RDEPENDS
>>>> by packages using those users/groups in their do_install
>>>> scripts.
>>>>
>>>> This works for packaging becase these ownerships
>>>> are encoded in the packages, confirmed by rpm -qp --dump ...
>>>
>>> Does it show the useradd in the _PREINSTALL_ (you can use --scriptlets in the
>>> rpm -qp)?
>>
>> For the package that adds the users, yes.
>>
>>>
>>>> However, during do_rootfs, a couple of
>>>> "user/group XXX does not exist, using root"
>>>> messages appear for the packages depending on others
>>>> creating these users/groups.
>>>
>>> Do the using packages contain RDEPENDS on the package that adds the user/group
>>> to the system?
>>
>> My bad. One of my custom packages did not and the
>> warnings were printed by that single package.
>>
>> On the other hand, clamav-freshclam (both in meta-security
>> and my layer where I forked an older version of the recipe)
>> do not have an RDEPENDS on clamav. Instead, it's the other
>> way around.
>>
>> There the problem is that clamav-freshclam is shipping
>> /var/lib/clamav that should be owned by clamav:clamav.
>> meta-security works this around badly by using chown in its
>> pkg_postinst which is NOT marked as "ontarget" so if clamav
>> is included in an image, then that chown doesn't take effect
>> and e.g. freshclamd (running under the clamav user) cannot
>> populate /var/lib/clamav with the current virus database.
>>
>>
> 
> That sounds like a bug in clamav-freshclam which needs a dependency adding?

Or just move /var/lib/clamav (the empty directory)
from clamav-freshclam to clamav.

> 
> Cheers,
> 
> Richard
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#156342): https://lists.openembedded.org/g/openembedded-core/message/156342
> Mute This Topic: https://lists.openembedded.org/mt/85839631/3617728
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [zboszor@pr.hu]
> -=-=-=-=-=-=-=-=-=-=-=-
>