From a9c572aa950e633d6b3dd4bcc05011ebf6b67efe Mon Sep 17 00:00:00 2001
From: HuijingHei
Date: Tue, 31 Oct 2023 11:34:49 +0800
Subject: [PATCH] passwd.rs: add condition when adding `passwd/group` content
---
 rust/src/passwd.rs | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/rust/src/passwd.rs b/rust/src/passwd.rs
index 100c29fe33..d35ce326da 100644
--- a/rust/src/passwd.rs
+++ b/rust/src/passwd.rs
@@ -614,6 +614,7 @@ fn complete_pwgrp(rootfs: &Dir) -> Result<()> {
 /// This is a pre-commit validation hook which ensures that the upcoming
 /// users/groups entries are somehow sane. See treefile `check-passwd` and
 /// `check-groups` fields for a description of available validation knobs.
+#[context("Validate users/groups refer to treefile check-passwd/check-groups configuration")]
 pub fn check_passwd_group_entries(
 ffi_repo: &crate::ffi::OstreeRepo,
 rootfs_dfd: i32,
@@ -630,8 +631,12 @@ pub fn check_passwd_group_entries(
 // Parse entries in the upcoming commit content.
 let mut new_entities = PasswdEntries::default();
- new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
- new_entities.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
+ new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/etc/passwd")?;
+ new_entities.add_group_content(rootfs.as_raw_fd(), "usr/etc/group")?;
+ if has_usrlib_passwd(&rootfs)? {
+ new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
+ new_entities.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
+ }
 // Fetch entries from treefile and previous commit, according to config.
 // These are used as ground-truth by the validation steps below.
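Review bot: The `#[context(...)]` string added above `check_passwd_group_entries` reads awkwardly once it is prefixed to an error chain ("Validate users/groups refer to treefile ..."), and that prefix is what an operator sees when a compose fails this check. A shorter form such as `#[context("Validating users/groups against treefile check-passwd/check-groups")]` carries the same information. The function body lies outside this hunk.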
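Review bot: The new `if has_usrlib_passwd(&rootfs)?` guard also decides whether `usr/lib/group` is parsed, so a tree that ships `usr/lib/group` without `usr/lib/passwd` would, judging by the helper's name (it is defined outside the hunk), have those groups left out of the `check-groups` comparison without any error. Because this hook is the pre-commit check that keeps UID/GID assignments stable between commits, a silently skipped file deserves either its own existence test for the group file or an explicit comment such as `// usr/lib/passwd and usr/lib/group are expected to exist together; group is not probed separately`. It is also worth confirming that the now-unconditional reads of `usr/etc/passwd` and `usr/etc/group` tolerate a missing file, since `add_passwd_content` and `add_group_content` are not visible here. The same guard is used in `PasswdDB::populate_new` in the last hunk, and this function's body starts and ends outside the hunk.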
@@ -679,9 +684,11 @@ impl PasswdDB {
 pub(crate) fn populate_new(rootfs: &Dir) -> Result {
 let mut db = Self::default();
 db.add_passwd_content(rootfs.as_raw_fd(), "usr/etc/passwd")?;
- db.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
 db.add_group_content(rootfs.as_raw_fd(), "usr/etc/group")?;
- db.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
+ if has_usrlib_passwd(&rootfs)? {
+ db.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
+ db.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
+ }
 Ok(db)
 }
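Review bot: `rootfs` is already a `&Dir` in `populate_new`, so `has_usrlib_passwd(&rootfs)` passes a `&&Dir`; assuming the helper takes `&Dir`, the plain form is `if has_usrlib_passwd(rootfs)? {`, which is what clippy's `needless_borrow` would ask for. The method also has no doc comment, and the new conditional is the kind of behaviour a caller needs stated, for example `/// Build a DB from the rootfs: usr/etc/{passwd,group} are always read, usr/lib/{passwd,group} only when has_usrlib_passwd() reports them.` The surrounding `impl PasswdDB` block continues outside this hunk.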