From bebe52ae9576393ebb9d7405fc77fba21e84ba5b Mon Sep 17 00:00:00 2001
From: Louis Rannou <lrannou@baylibre.com>
Date: Thu, 15 Jun 2023 13:43:55 +0200
Subject: [PATCH] base-passwd: add the wheel group

The wheel group is not declared while it can be used to access the systemd
journal and to configure printers in CUPS. It can also be used for su and sudo
permissions.

So far it was created later in the rootfs postcommand systemd_create_users.

Signed-off-by: Louis Rannou <lrannou@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../base-passwd/0007-Add-wheel-group.patch    | 20 +++++++++++++++++++
 .../base-passwd/base-passwd_3.6.1.bb          |  1 +
 2 files changed, 21 insertions(+)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch

diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
new file mode 100644
index 00000000000..00eaec38a29
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
@@ -0,0 +1,20 @@
+
+We need to have a wheel group which has some system privileges to consult the
+systemd journal or manage printers with cups.
+
+Upstream status says the group does not exist by default.
+
+Upstream-Status: Inappropriate [enable feature]
+
+Signed-off-by: Louis Rannou <lrannou@baylibre.com>
+Index: base-passwd-3.5.26/group.master
+===================================================================
+--- base-passwd-3.5.29.orig/group.master
++++ base-passwd-3.5.29/group.master
+@@ -38,5 +38,6 @@
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
++wheel:*:80:
+ users:*:100:
+ nogroup:*:65534:
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
index 853717176df..204016b3e72 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
            file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
            file://0005-Add-kvm-group.patch \
            file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
+           file://0007-Add-wheel-group.patch \
            "
 
 SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
-- 
2.47.3