Shift user/group creation earlier in image build for rootfs image types (#6957)
parent
acd481aa09
commit
b5f92064f6
|
@ -6,7 +6,8 @@
|
|||
"cronie-anacron",
|
||||
"logrotate",
|
||||
"core-packages-base-image",
|
||||
"initramfs"
|
||||
"initramfs",
|
||||
"shadow-utils"
|
||||
],
|
||||
"_comment": "Install 'initramfs' last to avoid unnecessary regeneration when other packages, such as 'kernel', are installed."
|
||||
}
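Review bot: The new `"shadow-utils"` entry appears to be appended after `"initramfs"`, which contradicts the `_comment` in the same object saying 'initramfs' is installed last to avoid unnecessary regeneration. Listing it first, `"shadow-utils",` and then `"initramfs"`, keeps the list consistent with its own comment. If the order is harmless for this particular package, the comment should say so, so the next addition does not copy the pattern.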
|
||||
|
|
|
@ -119,6 +119,7 @@ func validatePackages(config configuration.Config) (err error) {
|
|||
verityDebugPkgName = "verity-read-only-root-debug-tools"
|
||||
dracutFipsPkgName = "dracut-fips"
|
||||
fipsKernelCmdLine = "fips=1"
|
||||
userAddPkgName = "shadow-utils"
|
||||
)
|
||||
|
||||
for _, systemConfig := range config.SystemConfigs {
|
||||
|
@ -130,6 +131,7 @@ func validatePackages(config configuration.Config) (err error) {
|
|||
foundVerityInitramfsPackage := false
|
||||
foundVerityInitramfsDebugPackage := false
|
||||
foundDracutFipsPackage := false
|
||||
foundUserAddPackage := false
|
||||
kernelCmdLineString := systemConfig.KernelCommandLine.ExtraCommandLine
|
||||
selinuxPkgName := systemConfig.KernelCommandLine.SELinuxPolicy
|
||||
if selinuxPkgName == "" {
|
||||
|
@ -152,6 +154,9 @@ func validatePackages(config configuration.Config) (err error) {
|
|||
if pkg == selinuxPkgName {
|
||||
foundSELinuxPackage = true
|
||||
}
|
||||
if pkg == userAddPkgName {
|
||||
foundUserAddPackage = true
|
||||
}
|
||||
}
|
||||
if systemConfig.ReadOnlyVerityRoot.Enable {
|
||||
if !foundVerityInitramfsPackage {
|
||||
|
@ -171,6 +176,11 @@ func validatePackages(config configuration.Config) (err error) {
|
|||
return fmt.Errorf("%s: [SELinux] selected, but '%s' package is not included in the package lists", validateError, selinuxPkgName)
|
||||
}
|
||||
}
|
||||
if len(systemConfig.Users) > 0 || len(systemConfig.Groups) > 0 {
|
||||
if !foundUserAddPackage {
|
||||
return fmt.Errorf("%s: add users require '%s' package that is not included in the package lists", validateError, userAddPkgName)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return
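Review bot: The error returned from the new users/groups check says only "add users require", although the condition `len(systemConfig.Users) > 0 || len(systemConfig.Groups) > 0` also fires for a config that declares groups and no users, so the message can point an operator at the wrong setting. I would word it as `"%s: adding users or groups requires the '%s' package, which is not included in the package lists"`. The literal "shadow-utils" is also declared a second time as `shadowUtilsPkg` in PopulateInstallRoot; a single shared constant would keep the validator and the installer from drifting apart. validatePackages begins outside the hunks shown.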
|
||||
|
|
|
@ -388,6 +388,7 @@ func PopulateInstallRoot(installChroot *safechroot.Chroot, packagesToInstall []s
|
|||
|
||||
const (
|
||||
filesystemPkg = "filesystem"
|
||||
shadowUtilsPkg = "shadow-utils"
|
||||
)
|
||||
|
||||
defer stopGPGAgent(installChroot)
|
||||
|
@ -439,6 +440,14 @@ func PopulateInstallRoot(installChroot *safechroot.Chroot, packagesToInstall []s
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
if len(config.Users) > 0 || len(config.Groups) > 0 {
|
||||
shadowUtilsInstalled := 0
|
||||
shadowUtilsInstalled, err = TdnfInstallWithProgress(shadowUtilsPkg, installRoot, packagesInstalled, totalPackages, true)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
packagesInstalled += shadowUtilsInstalled
|
||||
}
|
||||
|
||||
hostname := config.Hostname
|
||||
if !isRootFS && mountPointToFsTypeMap[rootMountPoint] != overlay {
|
||||
|
@ -449,6 +458,18 @@ func PopulateInstallRoot(installChroot *safechroot.Chroot, packagesToInstall []s
|
|||
}
|
||||
}
|
||||
|
||||
// Add groups
|
||||
err = addGroups(installChroot, config.Groups)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Add users
|
||||
err = addUsers(installChroot, config.Users)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Install packages one-by-one to avoid exhausting memory
|
||||
// on low resource systems
|
||||
for _, pkg := range packagesToInstall {
|
||||
|
@ -473,18 +494,6 @@ func PopulateInstallRoot(installChroot *safechroot.Chroot, packagesToInstall []s
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Add groups
|
||||
err = addGroups(installChroot, config.Groups)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Add users
|
||||
err = addUsers(installChroot, config.Users)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Add machine-id
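Review bot: Moving `addGroups`/`addUsers` ahead of the package loop means accounts from the image config now exist before any package scriptlet runs, and nothing visible in these hunks guards against a config account sharing a name or ID with one that a later package expects to create. If a scriptlet treats an existing account as already provisioned (not visible here, so to be confirmed), a system service could end up running under an account that carries the config's password, shell or group membership. I would state the intended precedence in a comment above the block, e.g. `// Users/groups are created before package installation; names and IDs declared here take precedence over accounts created by package scriptlets.` Separately, since validatePackages now requires 'shadow-utils' in the package lists, the loop will presumably reach it a second time, so it is worth checking that `packagesInstalled` cannot exceed `totalPackages` in the progress output. PopulateInstallRoot starts and ends outside the hunks.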
|
||||
|
|