From 23e749b62bb4c541d19cf3b79611d9d40cb215e1 Mon Sep 17 00:00:00 2001
From: "Anton D. Kachalov" <gmouse@google.com>
Date: Thu, 4 Feb 2021 13:13:57 +0100
Subject: Enable Systemd NSS module to support DynamicUsers

DynamicUsers flag in systemd service configuration file required to create,
handle and recycle temporary users.

This is essential module for upcoming daemons' privilege separation work.

Reference: https://github.com/openbmc/openbmc/issues/3383

Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: Iabd709c4a20f754fc6ea505e640b2d361aba0be2
---
 meta-phosphor/classes/obmc-phosphor-image.bbclass           | 4 +++-
 meta-phosphor/conf/distro/include/phosphor-base.inc         | 2 +-
 meta-phosphor/recipes-core/base-files/base-files_%.bbappend | 2 ++
 meta-phosphor/recipes-core/systemd/systemd_%.bbappend       | 1 +
 4 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'meta-phosphor')

diff --git a/meta-phosphor/classes/obmc-phosphor-image.bbclass b/meta-phosphor/classes/obmc-phosphor-image.bbclass
index 0a07fc6f4..c83dce32f 100644
--- a/meta-phosphor/classes/obmc-phosphor-image.bbclass
+++ b/meta-phosphor/classes/obmc-phosphor-image.bbclass
@@ -88,7 +88,9 @@ remove_etc_version() {
 }
 
 enable_ldap_nsswitch() {
-    sed -i 's/\(\(passwd\|group\|shadow\):\s*\).*/\1files ldap/' \
+    sed -i 's/\(\(passwd\|group\):\s*\).*/\1files systemd ldap/' \
+        "${IMAGE_ROOTFS}${sysconfdir}/nsswitch.conf"
+    sed -i 's/\(shadow:\s*\).*/\1files ldap/' \
         "${IMAGE_ROOTFS}${sysconfdir}/nsswitch.conf"
 }
 
diff --git a/meta-phosphor/conf/distro/include/phosphor-base.inc b/meta-phosphor/conf/distro/include/phosphor-base.inc
index af2e6ef76..5b114810f 100644
--- a/meta-phosphor/conf/distro/include/phosphor-base.inc
+++ b/meta-phosphor/conf/distro/include/phosphor-base.inc
@@ -120,7 +120,7 @@ include conf/distro/include/openbmc-phosphor/${MACHINE}.inc
 IMAGE_CLASSES_append = " image_types_phosphor phosphor-rootfs-postcommands"
 IMAGE_CLASSES_append_npcm7xx = " image_types_phosphor_nuvoton"
 
-IMAGE_INSTALL_append = " dbus-broker"
+IMAGE_INSTALL_append = " dbus-broker libnss-systemd"
 
 # Skip the udev database by default.  It adds around 2MB
 # compressed to the root filesystem, and probably doesn't
diff --git a/meta-phosphor/recipes-core/base-files/base-files_%.bbappend b/meta-phosphor/recipes-core/base-files/base-files_%.bbappend
index b6c4222b2..30e562325 100644
--- a/meta-phosphor/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-phosphor/recipes-core/base-files/base-files_%.bbappend
@@ -10,6 +10,8 @@ SRC_URI += " \
 "
 
 do_install_append() {
+    sed -i 's/\(\(passwd\|group\):\s*\).*/\1files systemd/' \
+        "${D}${sysconfdir}/nsswitch.conf"
 
     install -d ${D}/srv
 
diff --git a/meta-phosphor/recipes-core/systemd/systemd_%.bbappend b/meta-phosphor/recipes-core/systemd/systemd_%.bbappend
index f1046de20..1f0b95e39 100644
--- a/meta-phosphor/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-phosphor/recipes-core/systemd/systemd_%.bbappend
@@ -6,6 +6,7 @@ PACKAGECONFIG = "\
         hostnamed \
         kmod \
         networkd \
+        nss \
         pam \
         randomseed \
         resolved \
-- 
cgit v1.2.3