From b08d29df5d865a84467f55bb3b44dd299ffec2b1 Mon Sep 17 00:00:00 2001
From: Oliver Smith
Date: Thu, 3 Aug 2023 10:01:28 +0200
Subject: [PATCH] install: get install_user_groups from pmaports.cfg

Get the groups from pmaports.cfg in the currently checked out pmaports branch. This is in preparation for removing "input" from the list of default groups to tighten security. We can do it in edge first, fix possible fallout and have it in the next release branch.
Related: pmbootstrap issue 2257
Related: https://postmarketos.org/pmaports.cfg
Reviewed-by: Luca Weiss
Link: https://lists.sr.ht/~postmarketos/pmbootstrap-devel/%3C20230803080203.6549-1-ollieparanoid@postmarketos.org%3E
---
 pmb/config/__init__.py | 3 ---
 pmb/install/_install.py | 8 +++++++-
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py
index e8ed39bc..d0dac15f 100644
--- a/pmb/config/__init__.py
+++ b/pmb/config/__init__.py
@@ -873,9 +873,6 @@ default_ip = "172.16.42.1"
 install_native_packages = ["cryptsetup", "util-linux", "parted"]
 install_device_packages = ["postmarketos-base"]
-# Groups for the default user
-install_user_groups = ["wheel", "video", "audio", "input", "plugdev", "netdev"]
-
 #
 # FLASH
 #
diff --git a/pmb/install/_install.py b/pmb/install/_install.py
index a4282550..652434ae 100644
--- a/pmb/install/_install.py
+++ b/pmb/install/_install.py
@@ -204,7 +204,13 @@ def set_user(args):
 if not pmb.chroot.user_exists(args, args.user, suffix):
 pmb.chroot.root(args, ["adduser", "-D", "-u", "10000", args.user], suffix)
- groups = pmb.install.ui.get_groups(args) + pmb.config.install_user_groups
+ pmaports_cfg = pmb.config.pmaports.read_config(args)
+ groups = []
+ groups += pmaports_cfg.get("install_user_groups",
+ "audio,input,netdev,plugdev,video,wheel").split(",")
+ groups += pmb.install.ui.get_groups(args)
+
 for group in groups:
 pmb.chroot.root(args, ["addgroup", "-S", group], suffix, check=False)
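Review bot: In `set_user`, the `install_user_groups` value read from pmaports.cfg is split on `,` without trimming or dropping empty items, so a value written as `audio, video` yields a group named ` video` and an empty value yields `[""]`; the `addgroup -S` call that follows runs with `check=False`, which presumably hides the resulting failure. Binding the `.get(...)` result to a local and normalising it, e.g. `groups += [g.strip() for g in cfg_groups.split(",") if g.strip()]`, keeps a formatting slip in the config from silently producing a user with missing or malformed groups. The hard-coded fallback still contains `input`, so a pmaports branch whose config lacks the key keeps that membership even after the planned tightening; a comment such as `# Fallback for pmaports branches without install_user_groups; still includes "input"` would make that visible to the next maintainer. The loop that consumes `groups` appears to continue past the visible end of the hunk.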