Merge commit 'd6ea2a5466cc2fe9d4f55b617ed230e1f4b26ef8' into cros_sdk
Update eclass-overlay to CrOS version 14056.0.0
BUG=b/192265868
TEST=local BE run
RELEASE_NOTE=Updated ChromeOS base to ChromeOS version 14056.0.0.
Signed-off-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Change-Id: Ibff8a2228393cfe276db6033e64585af88b8b76b
diff --git a/eclass/optfeature.eclass b/eclass/optfeature.eclass
new file mode 100644
index 0000000..f6a2d6e
--- /dev/null
+++ b/eclass/optfeature.eclass
@@ -0,0 +1,20 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# @ECLASS: optfeature.eclass
+# @MAINTAINER:
+# base-system@gentoo.org
+# @BLURB: Advertise optional functionality that might be useful to users
+
+case ${EAPI:-0} in
+ [0-7]) ;;
+ *) die "Unsupported EAPI=${EAPI} (unknown) for ${ECLASS}" ;;
+esac
+
+if [[ -z ${_OPTFEATURE_ECLASS} ]]; then
+_OPTFEATURE_ECLASS=1
+
+# Stub this out for CrOS as it's just annoying log spam for us.
+optfeature() { :; }
+
+fi
diff --git a/metadata/md5-cache/acct-group/docker-0.0.1 b/metadata/md5-cache/acct-group/docker-0.0.1
new file mode 100644
index 0000000..4187ddc
--- /dev/null
+++ b/metadata/md5-cache/acct-group/docker-0.0.1
@@ -0,0 +1,8 @@
+DEFINED_PHASES=setup
+DEPEND=sys-apps/baselayout
+EAPI=7
+KEYWORDS=*
+RDEPEND=sys-apps/baselayout
+SLOT=0
+_eclasses_=user 7c566af8c48023219fd63246e88d6621
+_md5_=f5cb9ce94ff461698f8f10576cec2cec
diff --git a/profiles/base/accounts/group/chronos-access b/profiles/base/accounts/group/chronos-access
index 6994e35..94a4447 100644
--- a/profiles/base/accounts/group/chronos-access
+++ b/profiles/base/accounts/group/chronos-access
@@ -4,4 +4,4 @@
# mostly system daemons running as a non-chronos user, group permissions
# to access files/directories owned by chronos.
# This includes all users accessing opencryptoki database files.
-users:root,ipsec,chronos,cros-disks,imageloaderd,crash
+users:root,vpn,chronos,cros-disks,imageloaderd,crash,dlp,image-burner
diff --git a/profiles/base/accounts/group/cronista b/profiles/base/accounts/group/cronista
new file mode 100644
index 0000000..33ac59a
--- /dev/null
+++ b/profiles/base/accounts/group/cronista
@@ -0,0 +1,3 @@
+group:cronista
+gid:20170
+users:cronista
diff --git a/profiles/base/accounts/group/disk b/profiles/base/accounts/group/disk
index f425190..9ce306f 100644
--- a/profiles/base/accounts/group/disk
+++ b/profiles/base/accounts/group/disk
@@ -1,3 +1,3 @@
group:disk
gid:6
-users:root,adm,cros-disks,cros_healthd
+users:root,adm,cros-disks,cros_healthd,image-burner
diff --git a/profiles/base/accounts/group/dlp b/profiles/base/accounts/group/dlp
new file mode 100644
index 0000000..2672033
--- /dev/null
+++ b/profiles/base/accounts/group/dlp
@@ -0,0 +1,3 @@
+group:dlp
+gid:20173
+users:dlp
diff --git a/profiles/base/accounts/group/drm_dp_aux b/profiles/base/accounts/group/drm_dp_aux
index eb5f772..654db4f 100644
--- a/profiles/base/accounts/group/drm_dp_aux
+++ b/profiles/base/accounts/group/drm_dp_aux
@@ -2,4 +2,5 @@
gid:407
# fwupdate-drm_dp_aux: For firmware updater utilities that use /dev/drm_dp_aux* devices.
# fwupdate-drm_dp_aux-i2c: For firmware updater utilities that use /dev/drm_dp_aux* and /dev/i2c-* devices.
-users:fwupdate-drm_dp_aux,fwupdate-drm_dp_aux-i2c
+# fwupd: For fwupd firmware updates that use /dev/drm_dp_aux* devices.
+users:fwupdate-drm_dp_aux,fwupdate-drm_dp_aux-i2c,fwupd
diff --git a/profiles/base/accounts/group/fuse-archivemount b/profiles/base/accounts/group/fuse-archivemount
new file mode 100644
index 0000000..3293c9f
--- /dev/null
+++ b/profiles/base/accounts/group/fuse-archivemount
@@ -0,0 +1,2 @@
+group:fuse-archivemount
+gid:311
diff --git a/profiles/base/accounts/group/hotline b/profiles/base/accounts/group/hotline
index 7c84148..269eccd 100644
--- a/profiles/base/accounts/group/hotline
+++ b/profiles/base/accounts/group/hotline
@@ -1,3 +1,3 @@
group:hotline
gid:20157
-users:hotline
+users:hotline,hotlog
diff --git a/profiles/base/accounts/group/hotlog b/profiles/base/accounts/group/hotlog
index 07621ef..d494e7e 100644
--- a/profiles/base/accounts/group/hotlog
+++ b/profiles/base/accounts/group/hotlog
@@ -1,3 +1,3 @@
group:hotlog
-gid:20169
+gid:20171
users:hotlog
diff --git a/profiles/base/accounts/group/hpsd b/profiles/base/accounts/group/hpsd
new file mode 100644
index 0000000..d343c3c
--- /dev/null
+++ b/profiles/base/accounts/group/hpsd
@@ -0,0 +1,3 @@
+group:hpsd
+gid:20179
+users:hpsd
diff --git a/profiles/base/accounts/group/i2c b/profiles/base/accounts/group/i2c
index bafc667..29ac298 100644
--- a/profiles/base/accounts/group/i2c
+++ b/profiles/base/accounts/group/i2c
@@ -2,5 +2,6 @@
gid:404
# fwupdate-drm_dp_aux-i2c: For firmware updater utilities that use /dev/drm_dp_aux* and /dev/i2c-* devices.
# fwupdate-i2c: For firmware updater utilities that use /dev/i2c-* devices.
+# fwupd: For fwupd firmware updates that use /dev/i2c-* devices.
# power: Give the power manager access to I2C devices so it can adjust external display brightness via DDC.
-users:fwupdate-drm_dp_aux-i2c,fwupdate-i2c,power
+users:fwupdate-drm_dp_aux-i2c,fwupdate-i2c,fwupd,power
diff --git a/profiles/base/accounts/group/image-burner b/profiles/base/accounts/group/image-burner
new file mode 100644
index 0000000..eb12954
--- /dev/null
+++ b/profiles/base/accounts/group/image-burner
@@ -0,0 +1,3 @@
+group:image-burner
+gid:310
+users:image-burner
diff --git a/profiles/base/accounts/group/ipsec b/profiles/base/accounts/group/ipsec
index b69189f..6324f46 100644
--- a/profiles/base/accounts/group/ipsec
+++ b/profiles/base/accounts/group/ipsec
@@ -2,4 +2,5 @@
gid:212
# Prepare to run shill as non-root user 'shill', but let it chgrp() files to
# 'ipsec'.
-users:shill
+users:
+defunct:true
diff --git a/profiles/base/accounts/group/ml-service-dbus b/profiles/base/accounts/group/ml-service-dbus
new file mode 100644
index 0000000..89488a8
--- /dev/null
+++ b/profiles/base/accounts/group/ml-service-dbus
@@ -0,0 +1,3 @@
+group:ml-service-dbus
+gid:20177
+users:ml-service-dbus
diff --git a/profiles/base/accounts/group/pkcs11 b/profiles/base/accounts/group/pkcs11
index 54e0a70..a74b556 100644
--- a/profiles/base/accounts/group/pkcs11
+++ b/profiles/base/accounts/group/pkcs11
@@ -1,4 +1,4 @@
group:pkcs11
gid:208
# These users all need access to PKCS #11 crypto services.
-users:root,ipsec,chronos,chaps,wpa,attestation
+users:root,vpn,chronos,chaps,wpa,attestation
diff --git a/profiles/base/accounts/group/policy-readers b/profiles/base/accounts/group/policy-readers
index 0e76e2a..075b4c0 100644
--- a/profiles/base/accounts/group/policy-readers
+++ b/profiles/base/accounts/group/policy-readers
@@ -1,4 +1,4 @@
# Members have read access to the device policy in /var/lib/whitelist.
group:policy-readers
gid:303
-users:attestation,authpolicyd,chronos,u2f,shill
+users:attestation,authpolicyd,chronos,hardware_verifier,u2f,shill
diff --git a/profiles/base/accounts/group/resourced b/profiles/base/accounts/group/resourced
new file mode 100644
index 0000000..a525186
--- /dev/null
+++ b/profiles/base/accounts/group/resourced
@@ -0,0 +1,3 @@
+group:resourced
+gid:20175
+users:resourced
diff --git a/profiles/base/accounts/group/rmad b/profiles/base/accounts/group/rmad
new file mode 100644
index 0000000..6fc3088
--- /dev/null
+++ b/profiles/base/accounts/group/rmad
@@ -0,0 +1,3 @@
+group:rmad
+gid:20176
+users:rmad
diff --git a/profiles/base/accounts/group/rmtfs b/profiles/base/accounts/group/rmtfs
index b57e594..a2adef7 100644
--- a/profiles/base/accounts/group/rmtfs
+++ b/profiles/base/accounts/group/rmtfs
@@ -1,3 +1,3 @@
group:rmtfs
gid:306
-users:rmtfs
+users:rmtfs,shill
diff --git a/profiles/base/accounts/group/secanomaly b/profiles/base/accounts/group/secanomaly
new file mode 100644
index 0000000..d7b2a30
--- /dev/null
+++ b/profiles/base/accounts/group/secanomaly
@@ -0,0 +1,3 @@
+group:secanomaly
+gid:20178
+users:secanomaly
diff --git a/profiles/base/accounts/group/shill b/profiles/base/accounts/group/shill
index 7fe6d71..f0b9000 100644
--- a/profiles/base/accounts/group/shill
+++ b/profiles/base/accounts/group/shill
@@ -1,3 +1,3 @@
group:shill
gid:20104
-users:shill,ipsec
+users:shill,vpn
diff --git a/profiles/base/accounts/group/tpm_tunneld b/profiles/base/accounts/group/tpm_tunneld
new file mode 100644
index 0000000..fe56cc2
--- /dev/null
+++ b/profiles/base/accounts/group/tpm_tunneld
@@ -0,0 +1,3 @@
+group:tpm_tunneld
+gid:20180
+users:tpm_tunneld
diff --git a/profiles/base/accounts/group/tun b/profiles/base/accounts/group/tun
index 8d97b6c..84cfa4a 100644
--- a/profiles/base/accounts/group/tun
+++ b/profiles/base/accounts/group/tun
@@ -1,4 +1,4 @@
# Members of this group have write access to /dev/net/tun.
group:tun
gid:413
-users:crosvm,shill,wpan
+users:crosvm,shill,vpn,wpan
diff --git a/profiles/base/accounts/group/usb b/profiles/base/accounts/group/usb
index 3a95228..5e38d3b 100644
--- a/profiles/base/accounts/group/usb
+++ b/profiles/base/accounts/group/usb
@@ -3,4 +3,5 @@
# mtp for access to media on phones/tablets; brltty for braille.
# dlm for DisplayLinkManager daemon access to usb.
# modem for modemfwd access to update modem devices.
-users:mtp,brltty,dlm,modem
+# fwupd: For fwupd firmware updates that use usb devices.
+users:mtp,brltty,dlm,modem,fwupd
diff --git a/profiles/base/accounts/group/video b/profiles/base/accounts/group/video
index 6347d0b..1c41640 100644
--- a/profiles/base/accounts/group/video
+++ b/profiles/base/accounts/group/video
@@ -1,3 +1,3 @@
group:video
gid:27
-users:root,chronos,arc-camera,dlm,rtanalytics,crosvm,cfm-monitor,smdisplay,cdm-oemcrypto
+users:root,chronos,arc-camera,dlm,rtanalytics,crosvm,cfm-monitor,runtime_probe,smdisplay,cdm-oemcrypto
diff --git a/profiles/base/accounts/group/vpn b/profiles/base/accounts/group/vpn
new file mode 100644
index 0000000..1bfc2c2
--- /dev/null
+++ b/profiles/base/accounts/group/vpn
@@ -0,0 +1,5 @@
+# Members of this group have access to the files used by VPN clients
+# (e.g., configuration files)
+group:vpn
+gid:20174
+users:vpn,shill
diff --git a/profiles/base/accounts/user/cronista b/profiles/base/accounts/user/cronista
new file mode 100644
index 0000000..dd102d5
--- /dev/null
+++ b/profiles/base/accounts/user/cronista
@@ -0,0 +1,6 @@
+user:cronista
+uid:20170
+gid:20170
+gecos:Authenticated log and storage daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/dlp b/profiles/base/accounts/user/dlp
new file mode 100644
index 0000000..05968da
--- /dev/null
+++ b/profiles/base/accounts/user/dlp
@@ -0,0 +1,6 @@
+user:dlp
+uid:20173
+gid:20173
+gecos:CrOS System-wide DLP daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/fuse-archivemount b/profiles/base/accounts/user/fuse-archivemount
new file mode 100644
index 0000000..eccd860
--- /dev/null
+++ b/profiles/base/accounts/user/fuse-archivemount
@@ -0,0 +1,6 @@
+user:fuse-archivemount
+uid:311
+gid:311
+gecos:FUSE-based archive mounter
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/hotlog b/profiles/base/accounts/user/hotlog
index 862b4d3..a1d5134 100644
--- a/profiles/base/accounts/user/hotlog
+++ b/profiles/base/accounts/user/hotlog
@@ -1,6 +1,6 @@
user:hotlog
-uid:20169
-gid:20169
+uid:20171
+gid:20171
gecos:CfM cloud logging service
home:/dev/null
shell:/bin/false
diff --git a/profiles/base/accounts/user/hpsd b/profiles/base/accounts/user/hpsd
new file mode 100644
index 0000000..2290286
--- /dev/null
+++ b/profiles/base/accounts/user/hpsd
@@ -0,0 +1,6 @@
+user:hpsd
+uid:20179
+gid:20179
+gecos:CrOS HPS service daemon (go/cros-hps)
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/image-burner b/profiles/base/accounts/user/image-burner
new file mode 100644
index 0000000..b4936d5
--- /dev/null
+++ b/profiles/base/accounts/user/image-burner
@@ -0,0 +1,6 @@
+user:image-burner
+uid:310
+gid:310
+gecos:CrOS Image Burner daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/ipsec b/profiles/base/accounts/user/ipsec
index 4cd53af..799591a 100644
--- a/profiles/base/accounts/user/ipsec
+++ b/profiles/base/accounts/user/ipsec
@@ -4,3 +4,4 @@
gecos:strongswan, other ipsec VPNs
home:/dev/null
shell:/bin/false
+defunct:true
diff --git a/profiles/base/accounts/user/ml-service-dbus b/profiles/base/accounts/user/ml-service-dbus
new file mode 100644
index 0000000..c865742
--- /dev/null
+++ b/profiles/base/accounts/user/ml-service-dbus
@@ -0,0 +1,6 @@
+user:ml-service-dbus
+uid:20177
+gid:20177
+gecos:Owner of the CrOS Machine Learning D-Bus service
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/resourced b/profiles/base/accounts/user/resourced
new file mode 100644
index 0000000..fc000e0
--- /dev/null
+++ b/profiles/base/accounts/user/resourced
@@ -0,0 +1,6 @@
+user:resourced
+uid:20175
+gid:20175
+gecos:resourced provides a D-Bus interface for getting resource usage stats
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/rmad b/profiles/base/accounts/user/rmad
new file mode 100644
index 0000000..4178571
--- /dev/null
+++ b/profiles/base/accounts/user/rmad
@@ -0,0 +1,6 @@
+user:rmad
+uid:20176
+gid:20176
+gecos:CrOS RMA daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/secanomaly b/profiles/base/accounts/user/secanomaly
new file mode 100644
index 0000000..e6669d0
--- /dev/null
+++ b/profiles/base/accounts/user/secanomaly
@@ -0,0 +1,6 @@
+user:secanomaly
+uid:20178
+gid:20178
+gecos:security anomaly detection daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/tpm_tunneld b/profiles/base/accounts/user/tpm_tunneld
new file mode 100644
index 0000000..3416252
--- /dev/null
+++ b/profiles/base/accounts/user/tpm_tunneld
@@ -0,0 +1,6 @@
+user:tpm_tunneld
+uid:20180
+gid:20180
+gecos:CrOS TPM tunnel daemon for pinweaver-CSME
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/vpn b/profiles/base/accounts/user/vpn
new file mode 100644
index 0000000..2236ba3
--- /dev/null
+++ b/profiles/base/accounts/user/vpn
@@ -0,0 +1,6 @@
+user:vpn
+uid:20174
+gid:20174
+gecos:CrOS VPN clients
+home:/dev/null
+shell:/bin/false
