diff --git a/src/libpriv/rpmostree-passwd-util.c b/src/libpriv/rpmostree-passwd-util.c index b26b68f45f..6d3f13a94e 100644 --- a/src/libpriv/rpmostree-passwd-util.c +++ b/src/libpriv/rpmostree-passwd-util.c @@ -1191,23 +1191,13 @@ rootfs_has_usrlib_passwd (int rootfs_dfd, return TRUE; } -/* We actually want RPM to inject to /usr/lib/passwd - we - * accomplish this by temporarily renaming /usr/lib/passwd -> /usr/etc/passwd - * (Which appears as /etc/passwd via our compatibility symlink in the bubblewrap - * script runner). We also copy the merge deployment's /etc/passwd to - * /usr/lib/passwd, so that %pre scripts are aware of newly added system users - * not in the tree's /usr/lib/passwd (through nss-altfiles in the container). +/* This may be leftover in the tree from an older version of rpm-ostree that + * didn't clean them up at compose time, and having them exist will mean + * rofiles-fuse will prevent useradd from opening it for write. */ gboolean -rpmostree_passwd_prepare_rpm_layering (int rootfs_dfd, - const char *merge_passwd_dir, - gboolean *out_have_passwd, - GCancellable *cancellable, - GError **error) +rpmostree_passwd_cleanup (int rootfs_dfd, GCancellable *cancellable, GError **error) { - /* This may be leftover in the tree, and having it exist will mean - * rofiles-fuse will prevent useradd from opening it for write. - */ for (guint i = 0; i < G_N_ELEMENTS (pwgrp_lock_and_backup_files); i++) { const char *file = pwgrp_lock_and_backup_files[i]; 
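Review bot: The header comment on the new `rpmostree_passwd_cleanup` explains why but never says what the function does, and "This"/"them"/"it" have lost their referent now that the text sits above the signature instead of next to the loop. Suggested wording: `/* Remove the passwd/group lock and backup files listed in pwgrp_lock_and_backup_files from the rootfs. They may be left over from an older rpm-ostree that did not clean them up at compose time; if present, rofiles-fuse prevents useradd from opening them for write. */`. The function is now also called at compose time, so it is worth a sentence that these backups should never be committed; if the list includes `shadow-`/`gshadow-` (the array is not visible here), they would carry stale password hashes into the tree. The loop body lies between this hunk and the next, so how a missing file or an unlink error is handled cannot be checked from here.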
@@ -1223,6 +1213,26 @@ rpmostree_passwd_prepare_rpm_layering (int rootfs_dfd, } } + return TRUE; +} + +/* We actually want RPM to inject to /usr/lib/passwd - we + * accomplish this by temporarily renaming /usr/lib/passwd -> /usr/etc/passwd + * (Which appears as /etc/passwd via our compatibility symlink in the bubblewrap + * script runner). We also copy the merge deployment's /etc/passwd to + * /usr/lib/passwd, so that %pre scripts are aware of newly added system users + * not in the tree's /usr/lib/passwd (through nss-altfiles in the container). + */ +gboolean +rpmostree_passwd_prepare_rpm_layering (int rootfs_dfd, + const char *merge_passwd_dir, + gboolean *out_have_passwd, + GCancellable *cancellable, + GError **error) +{ + if (!rpmostree_passwd_cleanup (rootfs_dfd, cancellable, error)) + return FALSE; + if (!rootfs_has_usrlib_passwd (rootfs_dfd, out_have_passwd, error)) return FALSE; if (!*out_have_passwd) diff --git a/src/libpriv/rpmostree-passwd-util.h b/src/libpriv/rpmostree-passwd-util.h index 17c005be2e..4e6b610fcd 100644 --- a/src/libpriv/rpmostree-passwd-util.h +++ b/src/libpriv/rpmostree-passwd-util.h @@ -63,6 +63,10 @@ rpmostree_generate_passwd_from_previous (OstreeRepo *repo, GCancellable *cancellable, GError **error); + +gboolean +rpmostree_passwd_cleanup (int rootfs_dfd, GCancellable *cancellable, GError **error); + gboolean rpmostree_passwd_prepare_rpm_layering (int rootfs_dfd, const char *merge_passwd_dir, diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c index cff6e8d1d8..3440bab8d9 100644 --- a/src/libpriv/rpmostree-postprocess.c +++ b/src/libpriv/rpmostree-postprocess.c @@ -1190,6 +1190,7 @@ rpmostree_rootfs_prepare_links (int rootfs_fd, * * - Move /etc to /usr/etc * - Clean up RPM db leftovers + * - Clean /usr/etc/passwd- backup files and such */ gboolean rpmostree_rootfs_postprocess_common (int rootfs_fd, 
@@ -1236,6 +1237,9 @@ rpmostree_rootfs_postprocess_common (int rootfs_fd, } } + if (!rpmostree_passwd_cleanup (rootfs_fd, cancellable, error)) + goto out; + ret = TRUE; out: return ret; diff --git a/tests/compose-tests/test-basic.sh b/tests/compose-tests/test-basic.sh index 27ff4bd2e7..cef3d94d52 100755 --- a/tests/compose-tests/test-basic.sh +++ b/tests/compose-tests/test-basic.sh @@ -18,6 +18,9 @@ cat > metadata.json < bootls.txt +if ostree --repo=${repobuild} ls -R ${treeref} /usr/etc/passwd-; then + assert_not_reached "Found /usr/etc/passwd- backup file in tree" +fi echo "ok compose" ostree --repo=${repobuild} show --print-metadata-key exampleos.gitrepo ${treeref} > meta.txt
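Review bot: The new `rpmostree_passwd_cleanup (rootfs_fd, ...)` call in `rpmostree_rootfs_postprocess_common` appears to depend on running after `/etc` has been moved to `/usr/etc`, but nothing at the call site says so. The function's doc comment lists the cleanup target as `/usr/etc/passwd-`, which suggests the paths in `pwgrp_lock_and_backup_files` are under `usr/etc`; that array is not visible in this diff, so this should be confirmed. If so, a later reordering of the steps would make the cleanup skip the files without any error. A one-line comment would pin the dependency: `/* Must run after /etc -> /usr/etc; drops passwd/group lock and backup files so they are never committed */`. The function begins outside this hunk, so the position of the move relative to this call could not be verified here.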
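Review bot: The added check in test-basic.sh covers only `/usr/etc/passwd-`, while the cleanup iterates over every entry of `pwgrp_lock_and_backup_files`. The entries that matter most for a shipped tree are the shadow backups, since those would hold password hashes, and a regression that left them behind would pass this test. Checking each name the array contains would close that gap; the names in the sketch below are the usual shadow-utils backup names and must be aligned with the array, which is not visible in this diff. Separately, `if ostree ... ls` treats any non-zero exit as "file absent", so an `ostree` failure unrelated to the file is indistinguishable from a clean tree.
```shell
# NOTE: keep this list in sync with pwgrp_lock_and_backup_files (names below are assumed)
for f in passwd- group- shadow- gshadow-; do
    if ostree --repo=${repobuild} ls ${treeref} /usr/etc/${f} >/dev/null 2>&1; then
        assert_not_reached "Found /usr/etc/${f} backup file in tree"
    fi
done
```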