From owner-svn-ports-head@freebsd.org Mon Apr 18 18:39:46 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 425D0B12868; Mon, 18 Apr 2016 18:39:46 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 06E881D82; Mon, 18 Apr 2016 18:39:45 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u3IIdjRX065998; Mon, 18 Apr 2016 18:39:45 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u3IIdjhn065995; Mon, 18 Apr 2016 18:39:45 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201604181839.u3IIdjhn065995@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f 
From: Mathieu Arnold Date: Mon, 18 Apr 2016 18:39:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r413604 - in head/Mk: . Scripts X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Apr 2016 18:39:46 -0000 Author: mat Date: Mon Apr 18 18:39:44 2016 New Revision: 413604 URL: https://svnweb.freebsd.org/changeset/ports/413604 Log: Extract the users/groups creation into a separate shell script. This adds a few features: - it checks that the UID line has the right number of fields [1] - it tells the user that there are groups that he may want to remove [2] PR: 208800, 173318 [1], 157546 [2] Submitted by: mat Sponsored by: Absolight Differential Revision: https://reviews.freebsd.org/D5939 Added: head/Mk/Scripts/do-users-groups.sh (contents, props changed) Modified: head/Mk/bsd.port.mk (contents, props changed) Added: head/Mk/Scripts/do-users-groups.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/Mk/Scripts/do-users-groups.sh Mon Apr 18 18:39:44 2016 (r413604) 
@@ -0,0 +1,179 @@
+#!/bin/sh
+# $FreeBSD$
+#
+# MAINTAINER: portmgr@FreeBSD.org
+
+set -e
+
+. "${dp_SCRIPTSDIR}/functions.sh"
+
+validate_env dp_ECHO_MSG dp_GID_FILES dp_GID_OFFSET dp_GROUPS_BLACKLIST \
+ dp_INSTALL dp_OPSYS dp_OSVERSION dp_PREFIX dp_PW dp_SCRIPTSDIR \
+ dp_UG_DEINSTALL dp_UG_INSTALL dp_UID_FILES dp_UID_OFFSET \
+ dp_USERS_BLACKLIST
+
+set -u
+
+USERS=$1
+GROUPS=$2
+
+error() {
+ ${dp_ECHO_MSG} "${1}"
+
+ exit 1
+}
+
+rm -f "${dp_UG_INSTALL}" "${dp_UG_DEINSTALL}" || :
+
+# Before FreeBSD 10.2, PW did not have -R support.
+if [ "${dp_OPSYS}" = FreeBSD ] && [ "${dp_OSVERSION}" -ge 1002000 ]; then
+ cat >> "${dp_UG_INSTALL}" <<-eot
+ if [ -n "\${PKG_ROOTDIR}" ] && [ "\${PKG_ROOTDIR}" != "/" ]; then
+ PW="${dp_PW} -R \${PKG_ROOTDIR}"
+ else
+ PW=${dp_PW}
+ fi
+ eot
+else
+ echo "PW=${dp_PW}" >> "${dp_UG_INSTALL}"
+fi
+
+# Both scripts need to start the same, so
+cp -f "${dp_UG_INSTALL}" "${dp_UG_DEINSTALL}"
+
+if [ -n "${GROUPS}" ]; then
+ for file in ${dp_GID_FILES}; do
+ if [ ! -f "${file}" ]; then
+ error "** ${file} doesn't exist. Exiting."
+ fi
+ done
+ ${dp_ECHO_MSG} "===> Creating groups."
+ echo "echo \"===> Creating groups.\"" >> "${dp_UG_INSTALL}"
+ for group in ${GROUPS}; do
+ # _bgpd:*:130:
+ if ! grep -q "^${group}:" ${dp_GID_FILES}; then \
+ error "** Cannot find any information about group \`${group}' in ${dp_GID_FILES}."
+ fi
+ o_IFS=${IFS}
+ IFS=":"
+ while read -r group _ gid _; do
+ if [ -z "${gid}" ]; then
+ error "Group line for group ${group} has no gid"
+ fi
+ gid=$((gid+dp_GID_OFFSET))
+ cat >> "${dp_UG_INSTALL}" <<-eot2
+ if ! \${PW} groupshow $group >/dev/null 2>&1; then
+ echo "Creating group '$group' with gid '$gid'."
+ \${PW} groupadd $group -g $gid
+ else
+ echo "Using existing group '$group'."
+ fi
+ eot2
+ done <<-eot
+ $(grep -h "^${group}:" ${dp_GID_FILES} | head -n 1)
+ eot
+ IFS=${o_IFS}
+ done
+fi
+
+if [ -n "${USERS}" ]; then
+ for file in ${dp_UID_FILES}; do
+ if [ ! -f "${file}" ]; then
+ error "** ${file} doesn't exist. Exiting."
+ fi
+ done
+
+ ${dp_ECHO_MSG} "===> Creating users"
+ echo "echo \"===> Creating users\"" >> "${dp_UG_INSTALL}"
+
+ for user in ${USERS}; do
+ # _bgpd:*:130:130:BGP Daemon:/var/empty:/sbin/nologin
+ if ! grep -q "^${user}:" ${dp_UID_FILES} ; then
+ error "** Cannot find any information about user \`${user}' in ${dp_UID_FILES}."
+ fi
+ o_IFS=${IFS}
+ IFS=":"
+ while read -r login _ uid gid class _ _ gecos homedir shell; do
+ if [ -z "$uid" ] || [ -z "$gid" ] || [ -z "$homedir" ] || [ -z "$shell" ]; then
+ error "User line for ${user} is invalid"
+ fi
+ uid=$((uid+dp_UID_OFFSET))
+ gid=$((gid+dp_GID_OFFSET))
+ if [ -n "$class" ]; then
+ class="-L $class"
+ fi
+ homedir=$(echo "$homedir" | sed "s|^/usr/local|${dp_PREFIX}|")
+ cat >> "${dp_UG_INSTALL}" <<-eot2
+ if ! \${PW} usershow $login >/dev/null 2>&1; then
+ echo "Creating user '$login' with uid '$uid'."
+ \${PW} useradd $login -u $uid -g $gid $class -c "$gecos" -d $homedir -s $shell
+ else
+ echo "Using existing user '$login'."
+ fi
+ eot2
+ case $homedir in
+ /|/nonexistent|/var/empty)
+ ;;
+ *)
+ echo "${dp_INSTALL} -d -g $gid -o $uid $homedir" >> "${dp_UG_INSTALL}"
+ ;;
+ esac
+ done <<-eot
+ $(grep -h "^${user}:" ${dp_UID_FILES} | head -n 1)
+ eot
+ IFS=${o_IFS}
+ done
+fi
+
+if [ -n "${GROUPS}" ]; then
+ for group in ${GROUPS}; do
+ # mail:*:6:postfix,clamav
+ o_IFS=${IFS}
+ IFS=":"
+ while read -r group _ gid members; do
+ gid=$((gid+dp_GID_OFFSET))
+ oo_IFS=${IFS}
+ IFS=","
+ for login in $members; do
+ for user in ${USERS}; do
+ if [ -n "${user}" ] && [ "${user}" = "${login}" ]; then
+ cat >> "${dp_UG_INSTALL}" <<-eot2
+ if ! \${PW} groupshow ${group} | grep -qw ${login}; then
+ echo "Adding user '${login}' to group '${group}'."
+ \${PW} groupmod ${group} -m ${login}
+ fi
+ eot2
+ fi
+ done
+ done
+ IFS=${oo_IFS}
+ done <<-eot
+ $(grep -h "^${group}:" ${dp_GID_FILES} | head -n 1)
+ eot
+ IFS=${o_IFS}
+ done
+fi
+
+if [ -n "${USERS}" ]; then
+ for user in ${USERS}; do
+ if ! echo "${dp_USERS_BLACKLIST}" | grep -qw "${user}"; then
+ cat >> "${dp_UG_DEINSTALL}" <<-eot
+ if \${PW} usershow ${user} >/dev/null 2>&1; then
+ echo "==> You should manually remove the \"${user}\" user. "
+ fi
+ eot
+ fi
+ done
+fi
+
+if [ -n "${GROUPS}" ]; then
+ for group in ${GROUPS}; do
+ if ! echo "${dp_GROUPS_BLACKLIST}" | grep -qw "${group}"; then
+ cat >> "${dp_UG_DEINSTALL}" <<-eot
+ if \${PW} groupshow ${group} >/dev/null 2>&1; then
+ echo "==> You should manually remove the \"${group}\" group "
+ fi
+ eot
+ fi
+ done
+fi
Modified: head/Mk/bsd.port.mk
==============================================================================
--- head/Mk/bsd.port.mk Mon Apr 18 18:17:19 2016 (r413603)
+++ head/Mk/bsd.port.mk Mon Apr 18 18:39:44 2016 (r413604)
@@ -1245,6 +1245,10 @@ GID_OFFSET?= 0 # alpha numeric sort order USERS_BLACKLIST= _dhcp _pflogd auditdistd bin bind daemon games hast kmem mailnull man news nobody operator pop proxy root smmsp sshd toor tty uucp www +# predefined accounts from src/etc/group +# alpha numeric sort order +GROUPS_BLACKLIST= _dhcp _pflogd audit authpf bin bind daemon dialer ftp games guest hast kmem mail mailnull man network news nobody nogroup operator proxy smmsp sshd staff sys tty unbound uucp wheel www + LDCONFIG_DIR= libdata/ldconfig LDCONFIG32_DIR= libdata/ldconfig32 
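Review bot: In the group-membership block of do-users-groups.sh, `for user in ${USERS}` is expanded while IFS is `,`, so a space-separated USERS list with more than one name stays a single word, never equals `${login}`, and the `groupmod -m` lines are silently left out of the generated install script. The same inherited IFS (`:`) is in effect inside the three `$(grep -h ... | head -n 1)` here-documents, so `${dp_GID_FILES}` and `${dp_UID_FILES}` are not split on spaces when they name more than one file. Restoring the saved value where whitespace splitting is wanted would fix both, for example `IFS=${o_IFS}` as the first statement inside `for login in $members; do` and `$(IFS=${o_IFS}; grep -h "^${group}:" ${dp_GID_FILES} | head -n 1)`. Separately, the fields read from the UID/GID files are written unquoted (and `$gecos` inside double quotes that are evaluated again) into the script wired to PKGPREINSTALL, which presumably runs as root at package install; emitting those values single-quoted would keep a stray `$`, backquote or `"` in a field from being interpreted there.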
@@ -3665,96 +3669,28 @@ install-ldconfig-file: .if !target(create-users-groups) .if defined(GROUPS) || defined(USERS) -_UG_OUTPUT= ${WRKDIR}/users-groups.sh -PKGPREINSTALL+= ${_UG_OUTPUT} +_UG_INSTALL= ${WRKDIR}/users-groups-install.sh +_UG_DEINSTALL= ${WRKDIR}/users-groups-deinstall.sh +PKGPREINSTALL+= ${_UG_INSTALL} +PKGPOSTDEINSTALL+= ${_UG_DEINSTALL} create-users-groups: - @${RM} -f ${_UG_OUTPUT} || ${TRUE} -.if ${OPSYS} != FreeBSD || ${OSVERSION} < 1002000 - @${ECHO_CMD} "PW=${PW}" >> ${_UG_OUTPUT} -.else - @${ECHO_CMD} -e "if [ -n \"\$${PKG_ROOTDIR}\" -a \"\$${PKG_ROOTDIR}\" != \"/\" ]; then PW=\"${PW} -R \$${PKG_ROOTDIR}\"; else PW=${PW}; fi" >> ${_UG_OUTPUT} -.endif -.if defined(GROUPS) -.for _file in ${GID_FILES} -.if !exists(${_file}) - @${ECHO_CMD} "** ${_file} doesn't exist. Exiting."; exit 1 -.endif -.endfor - @${ECHO_MSG} "===> Creating users and/or groups." - @${ECHO_CMD} "echo \"===> Creating users and/or groups.\"" >> ${_UG_OUTPUT} -.for _group in ${GROUPS} -# _bgpd:*:130: - @if ! ${GREP} -h ^${_group}: ${GID_FILES} >/dev/null 2>&1; then \ - ${ECHO_CMD} "** Cannot find any information about group \`${_group}' in ${GID_FILES}."; \ - exit 1; \ - fi - @IFS=":"; ${GREP} -h ^${_group}: ${GID_FILES} | head -n 1 | while read group foo gid members; do \ - gid=$$(($$gid+${GID_OFFSET})); \ - ${ECHO_CMD} -e "if ! \$${PW} groupshow $$group >/dev/null 2>&1; then \n \ - echo \"Creating group '$$group' with gid '$$gid'.\" \n \ - \$${PW} groupadd $$group -g $$gid; else echo \"Using existing group '$$group'.\"\nfi" >> ${_UG_OUTPUT}; \ - done -.endfor -.endif -.if defined(USERS) -.for _file in ${UID_FILES} -.if !exists(${_file}) - @${ECHO_CMD} "** ${_file} doesn't exist. Exiting."; exit 1 -.endif -.endfor -.for _user in ${USERS} -# _bgpd:*:130:130:BGP Daemon:/var/empty:/sbin/nologin - @if ! 
${GREP} -h ^${_user}: ${UID_FILES} >/dev/null 2>&1; then \ - ${ECHO_CMD} "** Cannot find any information about user \`${_user}' in ${UID_FILES}."; \ - exit 1; \ - fi - @IFS=":"; ${GREP} -h ^${_user}: ${UID_FILES} | head -n 1 | while read login passwd uid gid class change expire gecos homedir shell; do \ - uid=$$(($$uid+${UID_OFFSET})); \ - gid=$$(($$gid+${GID_OFFSET})); \ - class="$${class:+-L }$$class"; \ - homedir=$$(echo $$homedir | sed "s|^/usr/local|${PREFIX}|"); \ - ${ECHO_CMD} -e "if ! \$${PW} usershow $$login >/dev/null 2>&1; then \n \ - echo \"Creating user '$$login' with uid '$$uid'.\" \n \ - \$${PW} useradd $$login -u $$uid -g $$gid $$class -c \"$$gecos\" -d $$homedir -s $$shell \n \ - else \necho \"Using existing user '$$login'.\" \nfi" >> ${_UG_OUTPUT}; \ - case $$homedir in /|/nonexistent|/var/empty) ;; *) ${ECHO_CMD} "${INSTALL} -d -g $$gid -o $$uid $$homedir" >> ${_UG_OUTPUT};; esac; \ - done -.endfor -.if defined(GROUPS) -.for _group in ${GROUPS} -# mail:*:6:postfix,clamav - @IFS=":"; ${GREP} -h ^${_group}: ${GID_FILES} | head -n 1 | while read group foo gid members; do \ - gid=$$(($$gid+${GID_OFFSET})); \ - IFS=","; for _login in $$members; do \ - for _user in ${USERS}; do \ - if [ "x$${_user}" = "x$${_login}" ]; then \ - ${ECHO_CMD} -e "if ! \$${PW} groupshow ${_group} | ${GREP} -qw $${_login}; then \n \ - echo \"Adding user '$${_login}' to group '${_group}'.\" \n \ - \$${PW} groupmod ${_group} -m $${_login} \nfi" >> ${_UG_OUTPUT}; \ - fi; \ - done; \ - done; \ - done -.endfor -.endif -.if defined(USERS) -.for _user in ${USERS} -.if ${OPSYS} != FreeBSD || ${OSVERSION} < 1002000 - @if [ ! ${USERS_BLACKLIST:M${_user}} ]; then \ - ${ECHO_CMD} "@unexec PW=${PW}; \ - if \$${PW} usershow ${_user} >/dev/null 2>&1; then \ - echo \"==> You should manually remove the \\\"${_user}\\\" user. \"; fi" >> ${TMPPLIST}; \ - fi -.else - @if [ ! 
${USERS_BLACKLIST:M${_user}} ]; then \ - ${ECHO_CMD} "@unexec if [ -n \"\$${PKG_ROOTDIR}\" -a \"\$${PKG_ROOTDIR}\" != \"/\" ]; then PW=\"${PW} -R \$${PKG_ROOTDIR}\"; else PW=${PW}; fi; \ - if \$${PW} usershow ${_user} >/dev/null 2>&1; then \ - echo \"==> You should manually remove the \\\"${_user}\\\" user. \"; fi" >> ${TMPPLIST}; \ - fi -.endif -.endfor -.endif -.endif + @${SETENV} \ + dp_ECHO_MSG="${ECHO_MSG}" \ + dp_GID_FILES="${GID_FILES}" \ + dp_GID_OFFSET="${GID_OFFSET}" \ + dp_GROUPS_BLACKLIST="${GROUPS_BLACKLIST}" \ + dp_INSTALL="${INSTALL}" \ + dp_OPSYS="${OPSYS}" \ + dp_OSVERSION="${OSVERSION}" \ + dp_PREFIX="${PREFIX}" \ + dp_PW="${PW}" \ + dp_SCRIPTSDIR="${SCRIPTSDIR}" \ + dp_UG_DEINSTALL="${_UG_DEINSTALL}" \ + dp_UG_INSTALL="${_UG_INSTALL}" \ + dp_UID_FILES="${UID_FILES}" \ + dp_UID_OFFSET="${UID_OFFSET}" \ + dp_USERS_BLACKLIST="${USERS_BLACKLIST}" \ + ${SH} ${SCRIPTSDIR}/do-users-groups.sh "${USERS}" "${GROUPS}" .endif .endif
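Review bot: The `dp_*="${...}"` assignments in the new create-users-groups recipe are expanded by make before the shell parses the command line, so a double quote, `$` or backquote in any of the values is interpreted by the shell instead of being passed through to do-users-groups.sh. PREFIX, GID_FILES and UID_FILES can be overridden by whoever runs the build, and this recipe feeds a script generator whose output is installed as a package pre-install script, so it seems worth quoting them with make's `:Q` modifier, e.g. `dp_PREFIX=${PREFIX:Q}` and `dp_GID_FILES=${GID_FILES:Q}`. The two positional arguments should stay as `"${USERS}" "${GROUPS}"`, because the script runs under `set -u` and needs both to be present even when one is empty.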