install: get install_user_groups from pmaports.cfg

Get the groups from pmaports.cfg in the currently checked out pmaports branch. This is in preparation for removing "input" from the list of default groups to tighten security. We can do it in edge first, fix possible fallout and have it in the next release branch. Related: pmbootstrap issue 2257 Related: https://postmarketos.org/pmaports.cfg Reviewed-by: Luca Weiss <luca@z3ntu.xyz> Link: https://lists.sr.ht/~postmarketos/pmbootstrap-devel/%3C20230803080203.6549-1-ollieparanoid@postmarketos.org%3E
2023-08-03 10:01:28 +02:00 · 2023-08-03 10:01:28 +02:00 · b08d29df5d
parent 17ce5e611c
commit b08d29df5d
2 changed files with 7 additions and 4 deletions
--- a/pmb/config/init.py
+++ b/pmb/config/init.py
@ -873,9 +873,6 @@ default_ip = "172.16.42.1"
 install_native_packages = ["cryptsetup", "util-linux", "parted"]
 install_device_packages = ["postmarketos-base"]

-# Groups for the default user
-install_user_groups = ["wheel", "video", "audio", "input", "plugdev", "netdev"]
-
 #
 # FLASH
 #
--- a/pmb/install/_install.py
+++ b/pmb/install/_install.py
@ -204,7 +204,13 @@ def set_user(args):
    if not pmb.chroot.user_exists(args, args.user, suffix):
        pmb.chroot.root(args, ["adduser", "-D", "-u", "10000", args.user],
                        suffix)
-    groups = pmb.install.ui.get_groups(args) + pmb.config.install_user_groups
+
+    pmaports_cfg = pmb.config.pmaports.read_config(args)
+    groups = []
+    groups += pmaports_cfg.get("install_user_groups",
+                               "audio,input,netdev,plugdev,video,wheel").split(",")
+    groups += pmb.install.ui.get_groups(args)
+
    for group in groups:
        pmb.chroot.root(args, ["addgroup", "-S", group], suffix,
                        check=False)