project-lakitu: cloud-init: configure uid and gid ranges properly
As per http://go/uid-ranges-on-cos-design, made sure that cloud-init UIDs are in the range [2000, 5000) and that the UIDs of user accounts managed by google-accounts-daemon are in [65536, 2^32-1)
BUG=b/113297150
TEST=validation test
RELEASE_NOTE=None
Change-Id: I7f8c0876fa75d9115eac0e353a4623fa65598ed6
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/9341
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Edward Jee <edjee@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/project-lakitu/app-emulation/cloud-init/cloud-init-20.1-r5.ebuild b/project-lakitu/app-emulation/cloud-init/cloud-init-20.1-r6.ebuild
similarity index 100%
rename from project-lakitu/app-emulation/cloud-init/cloud-init-20.1-r5.ebuild
rename to project-lakitu/app-emulation/cloud-init/cloud-init-20.1-r6.ebuild
diff --git a/project-lakitu/app-emulation/cloud-init/cloud-init-20.1.ebuild b/project-lakitu/app-emulation/cloud-init/cloud-init-20.1.ebuild
index 1621c6d..d2c9b24 100644
--- a/project-lakitu/app-emulation/cloud-init/cloud-init-20.1.ebuild
+++ b/project-lakitu/app-emulation/cloud-init/cloud-init-20.1.ebuild
@@ -125,9 +125,6 @@
}
pkg_postinst() {
- # [2000, 5000) are reserved for users created by clout-init.
- # Start from 5000 for automatic uid selection in useradd.
- sed -i -r 's/^(UID_MIN\s+)1000/\15000/' "${ROOT}"/etc/login.defs
elog "cloud-init-local needs to be run in the boot runlevel because it"
elog "modifies services in the default runlevel. When a runlevel is started"
diff --git a/project-lakitu/app-emulation/cloud-init/files/20.1-stable-uid.patch b/project-lakitu/app-emulation/cloud-init/files/20.1-stable-uid.patch
index e8f04c8..7b9c0e8 100644
--- a/project-lakitu/app-emulation/cloud-init/files/20.1-stable-uid.patch
+++ b/project-lakitu/app-emulation/cloud-init/files/20.1-stable-uid.patch
@@ -1,8 +1,11 @@
-From c4576e56dbf84c0a10a71cb7fd609c2375b3d290 Mon Sep 17 00:00:00 2001
-From: Wei Xu <weixugc@google.com>
-Date: Tue, 21 Jan 2020 18:27:35 -0800
+From: varsha teratipally <teratipally@google.com>
+Date: Thu, 3 Dec 2020 23:52:59 +0000
Subject: [PATCH] Make UID generation more stable/predictable.
+Below is the original commit message:
+
+-----------------------------------------------------------------------
+
This patch modifies users-groups with the goal of making it behave better in
configuration where /etc/passwd is stateless. Specifically it:
@@ -18,13 +21,22 @@
Original Author: Andrey Ulanov <andreyu@google.com>
Original Date: Thu Feb 25 18:41:48 2016 -0800
----
+
+-----------------------------------------------------------------------
+
+check uid value's sanity and specify gid range
+
+Original Author: Edward Hyunkoo Jee <edjee@google.com>
+Original Date: Fri Apr 05 00:00:00 2019 -0800
+
+-----------------------------------------------------------------------
+
cloudinit/config/cc_users_groups.py | 32 +++++++++++++++++++++++++++++
- cloudinit/distros/__init__.py | 6 ++++--
- 2 files changed, 36 insertions(+), 2 deletions(-)
+ cloudinit/distros/__init__.py | 23 +++++++++++++++++++--
+ 2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/cloudinit/config/cc_users_groups.py b/cloudinit/config/cc_users_groups.py
-index c32a743a..3bc6d563 100644
+index 13764e60..d0339510 100644
--- a/cloudinit/config/cc_users_groups.py
+++ b/cloudinit/config/cc_users_groups.py
@@ -128,6 +128,9 @@ from cloudinit import log as logging
@@ -81,29 +93,47 @@
+
# vi: ts=4 expandtab
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
-index 2b559fe6..02465787 100755
+index 92598a2d..004b24ce 100755
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
-@@ -396,8 +396,9 @@ class Distro(object):
+@@ -384,6 +384,10 @@ class Distro(metaclass=abc.ABCMeta):
+ # XXX need to make add_user idempotent somehow as we
+ # still want to add groups or modify SSH keys on pre-existing
+ # users in the image.
++
++ UID_GID_MIN = 2000
++ UID_GID_MAX = 4999
++
+ if util.is_user(name):
+ LOG.info("User %s already exists, skipping.", name)
+ return
+@@ -393,8 +397,23 @@ class Distro(metaclass=abc.ABCMeta):
else:
create_groups = True
- useradd_cmd = ['useradd', name]
- log_useradd_cmd = ['useradd', name]
++ if 'uid' in kwargs:
++ try:
++ uid = int(kwargs['uid'])
++ if uid < UID_GID_MIN or uid > UID_GID_MAX:
++ LOG.warn('UID %d is not in [%d, %d]',
++ uid, UID_GID_MIN, UID_GID_MAX)
++ except ValueError as e:
++ LOG.error("Wrong uid: %s", kwargs['uid'])
++ return
++
+ useradd_cmd = ['useradd', name,
-+ '-K', 'UID_MIN=2000', '-K', 'UID_MAX=4999', ]
++ '-K', 'UID_MIN=%d' % UID_GID_MIN,
++ '-K', 'UID_MAX=%d' % UID_GID_MAX,
++ '-K', 'GID_MIN=%d' % UID_GID_MIN,
++ '-K', 'GID_MAX=%d' % UID_GID_MAX]
++
+ log_useradd_cmd = useradd_cmd[:]
if util.system_is_snappy():
useradd_cmd.append('--extrausers')
log_useradd_cmd.append('--extrausers')
-@@ -416,6 +417,7 @@ class Distro(object):
- "expiredate": '--expiredate',
- "inactive": '--inactive',
- "selinux_user": '--selinux-user',
-+ "uid": '--uid',
- }
-
- useradd_flags = {
--
-2.25.1.481.gfbce0eb801-goog
+2.29.2.576.ga3fc446d84-goog
+
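Review bot: The new range check in `add_user` only logs a warning when an explicit `uid` is outside [UID_GID_MIN, UID_GID_MAX], so the account is still created with that uid. The `-K UID_MIN=`/`UID_MAX=` overrides bound only useradd's automatic selection, not a uid passed explicitly (presumably via an upstream `--uid` mapping, since this revision drops the patch's own). If the range is meant to be enforced, as the commit message suggests, a uid from cloud-config could otherwise land in the range reserved for google-accounts-daemon accounts or in the system range. Consider rejecting it like the ValueError path does, with `LOG.error('UID %d is not in [%d, %d]', uid, UID_GID_MIN, UID_GID_MAX)` followed by `return`. Separately, `int(kwargs['uid'])` raises TypeError for a `None` or list value, which `except ValueError as e:` does not catch; `except (TypeError, ValueError):` covers it and drops the unused `e`. The body of `add_user` starts and ends outside the hunk, so how callers handle the early return is not visible here.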