Add useradd script

Let's automatically invoke useradd with --root when executed outside
of the image chroot.

Fixes #2089

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index e1211ddf52694e1b15abbd777dd7c4b478aff873..1d1f9f9cb882acd3ebdb55dad284c30f9a37e088 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -364,8 +364,12 @@ def finalize_host_scripts(
     state: MkosiState,
     helpers: dict[str, Sequence[PathString]],  # FIXME: change dict to Mapping when PyRight is fixed
 ) -> contextlib.AbstractContextManager[Path]:
-    git = {"git": ("git", "-c", "safe.directory=*")} if find_binary("git") else {}
-    return finalize_scripts(git | helpers | package_manager_scripts(state))
+    scripts: dict[str, Sequence[PathString]] = {}
+    if find_binary("git"):
+        scripts["git"] = ("git", "-c", "safe.directory=*")
+    if find_binary("useradd"):
+        scripts["useradd"] = ("useradd", "--root", state.root)
+    return finalize_scripts(scripts | helpers | package_manager_scripts(state))
 
 
 def finalize_chroot_scripts(state: MkosiState) -> contextlib.AbstractContextManager[Path]:

diff --git a/mkosi/resources/mkosi.md b/mkosi/resources/mkosi.md
index d039d2026b1528bfeeee8826c9e758c436ef95f9..1c1f456131eeddaa3f47a56af68ea32440a6e1e4 100644 (file)
--- a/mkosi/resources/mkosi.md
+++ b/mkosi/resources/mkosi.md
@@ -1694,11 +1694,11 @@ available via `$PATH` to simplify common usecases.
   to the name (`mkosi.build.chroot` instead of `mkosi.build`, etc.).
 
 * For all of the supported package managers except portage (`dnf`,
-  `apt`, `pacman`, `zypper`), scripts of the same name are put into
-  `$PATH` that make sure these commands operate on the image's root
+  `rpm`, `apt`, `pacman`, `zypper`), scripts of the same name are put
+  into `$PATH` that make sure these commands operate on the image's root
   directory with the configuration supplied by the user instead of on
-  the host system. This means that from a script, you can do e.g.
-  `dnf install vim` to install vim into the image.
+  the host system. This means that from a script, you can do e.g. `dnf
+  install vim` to install vim into the image.
 
 * `mkosi-as-caller`: This script uses `setpriv` to switch from
   the user `root` in the user namespace used for various build steps
@@ -1716,6 +1716,12 @@ available via `$PATH` to simplify common usecases.
   meson install -C "$BUILDDIR/build" --no-rebuild
   ```
 
+* `git` is automatically invoked with `safe.directory=*` to avoid
+  permissions errors when running as the root user in a user namespace.
+
+* `useradd` is automatically invoked with `--root=$BUILDROOT` when
+  executed outside of the image.
+
 When scripts are executed, any directories that are still writable are
 also made read-only (`/home`, `/var`, `/root`, ...) and only the minimal
 set of directories that need to be writable remain writable. This is to