diff options
| -rw-r--r-- | debian/.gitignore | 11 | ||||
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | debian/patches/fix-root-option.patch | 53 | ||||
| -rw-r--r-- | debian/patches/locked-user-suffix.patch | 61 | ||||
| -rw-r--r-- | debian/patches/series | 3 | ||||
| -rw-r--r-- | debian/patches/uid-gid-support.patch | 69 | ||||
| -rw-r--r-- | openrc/opensysusers.initd.in | 2 | ||||
| -rwxr-xr-x | sysusers | 61 |
8 files changed, 63 insertions, 205 deletions
diff --git a/debian/.gitignore b/debian/.gitignore new file mode 100644 index 0000000..e3ff0b6 --- /dev/null +++ b/debian/.gitignore @@ -0,0 +1,11 @@ +.debhelper/* +debhelper-build-stamp +files +opensysusers.* +!opensysusers.init +!opensysusers.links +!opensysusers.lintian-overrides +!opensysusers.preinst +!opensysusers.postinst +opensysusers/* + diff --git a/debian/changelog b/debian/changelog index d31c632..e97478b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +opensysusers (0.7.5-1) unstable; urgency=medium + + * New upstream version 0.7.5. + Closes: #1128803, #1134601 + * d/patches: drop upstreamed patches + + -- Andrea Pappacoda <tachi@debian.org> Fri, 29 May 2026 22:09:18 +0200 + opensysusers (0.7.3-5.1) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/patches/fix-root-option.patch b/debian/patches/fix-root-option.patch deleted file mode 100644 index 21246f9..0000000 --- a/debian/patches/fix-root-option.patch +++ /dev/null @@ -1,53 +0,0 @@ -Description: Fix --root option - This patch fixes the behaviour of the --root option, by actually prepending - all paths with the given prefix. -Author: Andrea Pappacoda <andrea@pappacoda.it> -Bug: https://github.com/cromerc/opensysusers/issues/4 -Bug-Debian: https://bugs.debian.org/1055517 -Forwarded: https://github.com/cromerc/opensysusers/issues/4#issuecomment-2351643543 -Last-Update: 2024-09-15 - ---- opensysusers-0.7.3.orig/sysusers -+++ opensysusers-0.7.3/sysusers -@@ -15,9 +15,9 @@ warninvalid() { - add_group() { - # add_group <name> <id> - if [ "$2" = '-' ]; then -- grep -q "^$1:" /etc/group || groupadd -r "$1" -- elif ! grep -q "^$1:\|^[^:]*:[^:]*:$2:[^:]*$" /etc/group; then -- groupadd -g "$2" "$1" -+ grep -q "^$1:" "$root/etc/group" || groupadd --prefix "$root" -r "$1" -+ elif ! grep -q "^$1:\|^[^:]*:[^:]*:$2:[^:]*$" "$root/etc/group"; then -+ groupadd --prefix "$root" -g "$2" "$1" - fi - } - -@@ -25,11 +25,11 @@ add_user() { - # add_user <name> <id> <gecos> <home> - if ! id "$1" >/dev/null 2>&1; then - if [ "$2" = '-' ]; then -- useradd -rc "$3" -g "$1" -d "$4" -s '/sbin/nologin' "$1" -+ useradd --prefix "$root" -rc "$3" -g "$1" -d "$4" -s '/sbin/nologin' "$1" - else -- useradd -rc "$3" -u "$2" -g "$1" -d "$4" -s '/sbin/nologin' "$1" -+ useradd --prefix "$root" -rc "$3" -u "$2" -g "$1" -d "$4" -s '/sbin/nologin' "$1" - fi -- passwd -l "$1" >/dev/null 2>&1 -+ passwd --prefix "$root" -l "$1" >/dev/null 2>&1 - fi - } - -@@ -102,10 +102,10 @@ parse_string() { - m) - add_group "${id}" '-' - if id "${name}" >/dev/null 2>&1; then -- usermod -a -G "${id}" "${name}" -+ usermod --prefix "$root" -a -G "${id}" "${name}" - else -- useradd -r -g "${id}" -s '/sbin/nologin' "${name}" -- passwd -l "${name}" >/dev/null 2>&1 -+ useradd --prefix "$root" -r -g "${id}" -s '/sbin/nologin' "${name}" -+ passwd --prefix "$root" -l "${name}" >/dev/null 2>&1 - fi - ;; - r) diff --git a/debian/patches/locked-user-suffix.patch b/debian/patches/locked-user-suffix.patch deleted file mode 100644 index e7dd00c..0000000 --- a/debian/patches/locked-user-suffix.patch +++ /dev/null @@ -1,61 +0,0 @@ -From: Andrew Bower <andrew@bower.uk> -Date: Sun, 26 Oct 2025 16:36:25 +0000 -Subject: Handle locked user type suffix ('u!') - -Bug-Debian: https://bugs.debian.org/1118619 -Forwarded: https://github.com/cromerc/opensysusers/pull/10 - ---- - sysusers | 18 +++++++++++++++--- - 1 file changed, 15 insertions(+), 3 deletions(-) - -diff --git a/sysusers b/sysusers -index 11e999f..8e7e02a 100755 ---- a/sysusers -+++ b/sysusers -@@ -22,7 +22,7 @@ add_group() { - } - - add_user() { -- # add_user <name> <uid> <gid> <gecos> <home> -+ # add_user <name> <uid> <gid> <gecos> <home> [locked]* - if ! id "$1" >/dev/null 2>&1; then - if [ "$2" = '-' ]; then - if [ "$3" = '-' ]; then -@@ -34,6 +34,12 @@ add_user() { - useradd --prefix "$root" -rc "$4" -u "$2" -g "$3" -d "$5" -s '/sbin/nologin' "$1" - fi - passwd --prefix "$root" -l "$1" >/dev/null 2>&1 -+ while [ $# -gt 5 ]; do -+ case "$6" in -+ locked) usermod --prefix "$root" -e 1 "$1" ;; -+ esac -+ shift -+ done - fi - } - -@@ -74,7 +80,8 @@ parse_string() { - - #eval "set -- $1" # do not use eval, see CVE-2021-40084 - set -- $1 -- type="$1" name="$2" id="$3" gecos="$4" home="$5" -+ suffix="${1#?}" -+ type="${1%%${suffix}}" name="$2" id="$3" gecos="$4" home="$5" - - # and now set the GECOS field without eval - if [ "${type}" = u ]; then -@@ -106,7 +113,12 @@ parse_string() { - # No specific gid, create group for this user - add_group "${name}" "${id}" - fi -- add_user "${name}" "${uid}" "${gid}" "${gecos}" "${home}" -+ case "${suffix}" in -+ '!') locked=1;; -+ '') ;; -+ *) warninvalid; return;; -+ esac -+ add_user "${name}" "${uid}" "${gid}" "${gecos}" "${home}" ${locked:+locked} - ;; - g) - case "${id}" in 65535|4294967295) warninvalid; return; esac diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index e66ae27..0000000 --- a/debian/patches/series +++ /dev/null @@ -1,3 +0,0 @@ -fix-root-option.patch -uid-gid-support.patch -locked-user-suffix.patch diff --git a/debian/patches/uid-gid-support.patch b/debian/patches/uid-gid-support.patch deleted file mode 100644 index 3fc96ac..0000000 --- a/debian/patches/uid-gid-support.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 9f8610184c6984ca271ccd4915c23b328491eae2 Mon Sep 17 00:00:00 2001 -From: Samuel Thibault <sthibault@debian.org> -Date: Tue, 24 Jun 2025 23:54:46 +0200 -Origin: upstream, https://github.com/cromerc/opensysusers/pull/9 -Forwarded: https://github.com/cromerc/opensysusers/pull/9 -Bug: https://github.com/cromerc/opensysusers/issues/8 -Bug-Debian: https://bugs.debian.org/1105010 -Reviewed-by: Andrea Pappacoda <tachi@debian.org> -Subject: [PATCH] Support uid:gid - -Note: uid:- does not make sense and is thus rejected - -Fixes #8 ---- - sysusers | 29 +++++++++++++++++++++-------- - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/sysusers b/sysusers -index 8773e33..922e59d 100755 ---- a/sysusers -+++ b/sysusers -@@ -22,12 +22,16 @@ add_group() { - } - - add_user() { -- # add_user <name> <id> <gecos> <home> -+ # add_user <name> <uid> <gid> <gecos> <home> - if ! id "$1" >/dev/null 2>&1; then - if [ "$2" = '-' ]; then -- useradd --prefix "$root" -rc "$3" -g "$1" -d "$4" -s '/sbin/nologin' "$1" -+ if [ "$3" = '-' ]; then -+ useradd --prefix "$root" -rc "$4" -g "$1" -d "$5" -s '/sbin/nologin' "$1" -+ else -+ useradd --prefix "$root" -rc "$4" -g "$3" -d "$5" -s '/sbin/nologin' "$1" -+ fi - else -- useradd --prefix "$root" -rc "$3" -u "$2" -g "$1" -d "$4" -s '/sbin/nologin' "$1" -+ useradd --prefix "$root" -rc "$4" -u "$2" -g "$3" -d "$5" -s '/sbin/nologin' "$1" - fi - passwd --prefix "$root" -l "$1" >/dev/null 2>&1 - fi -@@ -91,13 +95,22 @@ parse_string() { - fi - - case "${type}" in -- [gu]) -- case "${id}" in 65535|4294967295) warninvalid; return; esac -+ u) -+ uid=${id%%:*} -+ gid=${id##*:} -+ case "${uid}" in 65535|4294967295) warninvalid; return; esac -+ case "${gid}" in 65535|4294967295) warninvalid; return; esac -+ if [ "${uid}" != '-' ] && [ "${gid}" = '-' ]; then warninvalid; return; fi - [ "${home:--}" = '-' ] && home='/' -- add_group "${name}" "${id}" -- if [ "${type}" = u ]; then -- add_user "${name}" "${id}" "${gecos}" "${home}" -+ if [ "${uid}" = "${id}" ]; then -+ # No specific gid, create group for this user -+ add_group "${name}" "${id}" - fi -+ add_user "${name}" "${uid}" "${gid}" "${gecos}" "${home}" -+ ;; -+ g) -+ case "${id}" in 65535|4294967295) warninvalid; return; esac -+ add_group "${name}" "${id}" - ;; - m) - add_group "${id}" '-' diff --git a/openrc/opensysusers.initd.in b/openrc/opensysusers.initd.in index fa380bb..2d3de33 100644 --- a/openrc/opensysusers.initd.in +++ b/openrc/opensysusers.initd.in @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright (c) 2017 - 2018 Chris Cromer +# Copyright (c) 2017 - 2016 Chris Cromer # Released under the 2-clause BSD license. description="Set up sysusers.d entries" @@ -1,10 +1,10 @@ #!/bin/sh -# Copyright (c) 2018 - 2022 Chris Cromer +# Copyright (c) 2018 - 2026 Chris Cromer # Released under the 2-clause BSD license. # # This is an implementation of the systemd-sysusers command -sysusersver=0.7.3 +sysusersver=0.7.5 warninvalid() { printf "sysusers: %s on line %d of '%s'\n" "${1:-ignoring invalid entry}" \ @@ -15,21 +15,31 @@ warninvalid() { add_group() { # add_group <name> <id> if [ "$2" = '-' ]; then - grep -q "^$1:" /etc/group || groupadd -r "$1" - elif ! grep -q "^$1:\|^[^:]*:[^:]*:$2:[^:]*$" /etc/group; then - groupadd -g "$2" "$1" + grep -q "^$1:" "$root/etc/group" || groupadd --prefix "$root" -r "$1" + elif ! grep -q "^$1:\|^[^:]*:[^:]*:$2:[^:]*$" "$root/etc/group"; then + groupadd --prefix "$root" -g "$2" "$1" fi } add_user() { - # add_user <name> <id> <gecos> <home> + # add_user <name> <uid> <gid> <gecos> <home> [locked]* if ! id "$1" >/dev/null 2>&1; then if [ "$2" = '-' ]; then - useradd -rc "$3" -g "$1" -d "$4" -s '/sbin/nologin' "$1" + if [ "$3" = '-' ]; then + useradd --prefix "$root" -rc "$4" -g "$1" -d "$5" -s '/sbin/nologin' "$1" + else + useradd --prefix "$root" -rc "$4" -g "$3" -d "$5" -s '/sbin/nologin' "$1" + fi else - useradd -rc "$3" -u "$2" -g "$1" -d "$4" -s '/sbin/nologin' "$1" + useradd --prefix "$root" -rc "$4" -u "$2" -g "$3" -d "$5" -s '/sbin/nologin' "$1" fi - passwd -l "$1" >/dev/null 2>&1 + passwd --prefix "$root" -l "$1" >/dev/null 2>&1 + while [ $# -gt 5 ]; do + case "$6" in + locked) usermod --prefix "$root" -e 1 "$1" ;; + esac + shift + done fi } @@ -70,7 +80,8 @@ parse_string() { #eval "set -- $1" # do not use eval, see CVE-2021-40084 set -- $1 - type="$1" name="$2" id="$3" gecos="$4" home="$5" + suffix="${1#?}" + type="${1%%${suffix}}" name="$2" id="${3:--}" gecos="${4:--}" home="$5" # and now set the GECOS field without eval if [ "${type}" = u ]; then @@ -91,21 +102,35 @@ parse_string() { fi case "${type}" in - [gu]) - case "${id}" in 65535|4294967295) warninvalid; return; esac + u) + uid=${id%%:*} + gid=${id##*:} + case "${uid}" in 65535|4294967295) warninvalid; return; esac + case "${gid}" in 65535|4294967295) warninvalid; return; esac + if [ "${uid}" != '-' ] && [ "${gid}" = '-' ]; then warninvalid; return; fi [ "${home:--}" = '-' ] && home='/' - add_group "${name}" "${id}" - if [ "${type}" = u ]; then - add_user "${name}" "${id}" "${gecos}" "${home}" + if [ "${uid}" = "${id}" ]; then + # No specific gid, create group for this user + add_group "${name}" "${id}" fi + case "${suffix}" in + '!') locked=1;; + '') ;; + *) warninvalid; return;; + esac + add_user "${name}" "${uid}" "${gid}" "${gecos}" "${home}" ${locked:+locked} + ;; + g) + case "${id}" in 65535|4294967295) warninvalid; return; esac + add_group "${name}" "${id}" ;; m) add_group "${id}" '-' if id "${name}" >/dev/null 2>&1; then - usermod -a -G "${id}" "${name}" + usermod --prefix "$root" -a -G "${id}" "${name}" else - useradd -r -g "${id}" -s '/sbin/nologin' "${name}" - passwd -l "${name}" >/dev/null 2>&1 + useradd --prefix "$root" -r -g "${id}" -s '/sbin/nologin' "${name}" + passwd --prefix "$root" -l "${name}" >/dev/null 2>&1 fi ;; r) |
