many: do not use runtime nss when looking up for users/groups from sn…

…apd snap

When snapd runs as a snap, it has its own runtime. This may not have
NSS plugins needed for the host. For example to get users from
AD/LDAP/Kerberos, or systemd-homed, or custom user databses.  In
general we can use tag `osusergo` to make go not to use the local
configuration (i.e. `/etc/nsswitch.conf`), however, even if it is fine
for most databases, we really need users and groups to be resolved
with the host configuration.

To be able to load correctly plugins, we expect the host system to
provide `getent`. And we query `passwd` and `group` databases through
this command.

In the future we should connect the systemd-userdb if it is
running and use `getent` only as fallback.

build-aux/snap/snapcraft.yaml

@@ -99,9 +99,6 @@ parts:
       - squashfs-tools
       - xdelta3
       - zlib1g
-      # This is needed for using os/user on Ubuntu Core
-      # TODO: do not use os/user, but io.systemd.NameServiceSwitch through dbus
-      - libnss-extrausers
     stage:
       - -usr/lib/$CRAFT_ARCH_TRIPLET_BUILD_FOR/ld*.so*
       - -lib32
@@ -112,9 +109,9 @@ parts:
       - -usr/share/man
       - -usr/share/lintian
       - -usr/share/lintian/**
+      - -usr/lib/$CRAFT_ARCH_TRIPLET_BUILD_FOR/libnss_*.so.2
     override-build: |
       craftctl default
-      mv "${CRAFT_PART_INSTALL}/usr/lib/libnss_extrausers.so.2" "${CRAFT_PART_INSTALL}/usr/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}/"
       cp -rT "${CRAFT_PART_INSTALL}/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}" "${CRAFT_PART_INSTALL}/usr/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}"
       rm -rf "${CRAFT_PART_INSTALL}/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}"
       rm -f "${CRAFT_PART_INSTALL}/lib/${DYNAMIC_LINKER}"
@@ -305,6 +302,7 @@ parts:
             esac
             ;;
         esac
+        TAGS+=(snap osusergo)
 
         # FIPS specific build tags
         if [ -f fips-build ]; then

client/apps.go

@@ -27,11 +27,11 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
-	"os/user"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/snap"
 )
 

client/apps_test.go

@@ -22,13 +22,13 @@ package client_test
 import (
 	"encoding/json"
 	"fmt"
-	"os/user"
 	"strconv"
 	"strings"
 
 	"gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/client"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 func mksvc(snap, app string) *client.AppInfo {

client/login.go

@@ -24,11 +24,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"os/user"
 	"path/filepath"
 
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/osutil/sys"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 // User holds logged in user information.

cmd/snap/cmd_routine_file_access_test.go

@@ -23,14 +23,14 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
-	"os/user"
 	"path/filepath"
 	"strings"
 
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/client"
 	snap "github.com/snapcore/snapd/cmd/snap"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 type SnapRoutineFileAccessSuite struct {

cmd/snap/cmd_run.go

@@ -28,7 +28,6 @@ import (
 	"net"
 	"os"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -49,6 +48,7 @@ import (
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/osutil/strace"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/sandbox/cgroup"
 	"github.com/snapcore/snapd/sandbox/selinux"
 	"github.com/snapcore/snapd/snap"

cmd/snap/cmd_run_test.go

@@ -26,7 +26,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"os/user"
 	"path/filepath"
 	"strings"
 	"time"
@@ -40,6 +39,7 @@ import (
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/osutil/strace"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/sandbox/cgroup"
 	"github.com/snapcore/snapd/sandbox/selinux"
 	"github.com/snapcore/snapd/snap"

cmd/snap/cmd_userd_test.go

@@ -25,7 +25,6 @@ import (
 	"net"
 	"net/http"
 	"os"
-	"os/user"
 	"path"
 	"path/filepath"
 	"strings"
@@ -38,6 +37,7 @@ import (
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/testutil"
 	"github.com/snapcore/snapd/usersession/autostart"
 )

cmd/snap/error.go

@@ -25,7 +25,6 @@ import (
 	"fmt"
 	"go/doc"
 	"os"
-	"os/user"
 	"strings"
 	"text/tabwriter"
 
@@ -35,6 +34,7 @@ import (
 	"github.com/snapcore/snapd/i18n"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/snap/channel"
 	"github.com/snapcore/snapd/strutil"
 )

cmd/snap/export_test.go

@@ -22,7 +22,6 @@ package main
 import (
 	"context"
 	"os"
-	"os/user"
 	"time"
 
 	"github.com/jessevdk/go-flags"
@@ -31,6 +30,7 @@ import (
 	"github.com/snapcore/snapd/cmd/snaplock/runinhibit"
 	"github.com/snapcore/snapd/image"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/sandbox/cgroup"
 	"github.com/snapcore/snapd/sandbox/selinux"
 	"github.com/snapcore/snapd/seed/seedwriter"

daemon/api_apps.go

@@ -26,12 +26,12 @@ import (
 	"io"
 	"net/http"
 	"net/url"
-	"os/user"
 	"sort"
 	"strconv"
 	"strings"
 
 	"github.com/snapcore/snapd/client/clientutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/auth"
 	"github.com/snapcore/snapd/overlord/servicestate"
 	"github.com/snapcore/snapd/overlord/state"

daemon/api_apps_test.go

@@ -29,7 +29,6 @@ import (
 	"math"
 	"net/http"
 	"net/http/httptest"
-	"os/user"
 	"sort"
 	"strconv"
 	"strings"
@@ -39,6 +38,7 @@ import (
 	"github.com/snapcore/snapd/client"
 	"github.com/snapcore/snapd/client/clientutil"
 	"github.com/snapcore/snapd/daemon"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/hookstate"
 	"github.com/snapcore/snapd/overlord/servicestate"
 	"github.com/snapcore/snapd/overlord/snapstate"

daemon/api_base_test.go

@@ -25,7 +25,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"os/user"
 	"path/filepath"
 	"time"
 
@@ -41,6 +40,7 @@ import (
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/interfaces/ifacetest"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord"
 	"github.com/snapcore/snapd/overlord/assertstate"
 	"github.com/snapcore/snapd/overlord/assertstate/assertstatetest"

daemon/api_users_test.go

@@ -23,7 +23,6 @@ import (
 	"bytes"
 	"fmt"
 	"net/http"
-	"os/user"
 	"time"
 
 	"gopkg.in/check.v1"
@@ -32,6 +31,7 @@ import (
 	"github.com/snapcore/snapd/asserts/assertstest"
 	"github.com/snapcore/snapd/client"
 	"github.com/snapcore/snapd/daemon"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/assertstate/assertstatetest"
 	"github.com/snapcore/snapd/overlord/auth"
 	"github.com/snapcore/snapd/overlord/configstate/config"

daemon/export_api_apps_test.go

@@ -20,8 +20,7 @@
 package daemon
 
 import (
-	"os/user"
-
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/hookstate"
 	"github.com/snapcore/snapd/overlord/servicestate"
 	"github.com/snapcore/snapd/overlord/state"

daemon/export_test.go

@@ -22,14 +22,14 @@ package daemon
 import (
 	"context"
 	"net/http"
-	"os/user"
 	"time"
 
 	"github.com/gorilla/mux"
 
 	"github.com/snapcore/snapd/asserts/snapasserts"
 	"github.com/snapcore/snapd/boot"
 	"github.com/snapcore/snapd/client/clientutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord"
 	"github.com/snapcore/snapd/overlord/assertstate"
 	"github.com/snapcore/snapd/overlord/restart"

desktop/portal/document.go

@@ -21,13 +21,13 @@ package portal
 
 import (
 	"fmt"
-	"os/user"
 	"path/filepath"
 	"strings"
 
 	"github.com/snapcore/snapd/dbusutil"
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/i18n"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 const (

desktop/portal/document_test.go

@@ -22,14 +22,14 @@ package portal_test
 import (
 	"errors"
 	"os"
-	"os/user"
 	"path/filepath"
 	"sync"
 
 	"github.com/godbus/dbus"
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/desktop/portal"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/testutil"
 )
 

desktop/portal/export_test.go

@@ -20,10 +20,10 @@
 package portal
 
 import (
-	"os/user"
 	"time"
 
 	"github.com/snapcore/snapd/dirs"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 const (

osutil/export_test.go

@@ -24,11 +24,11 @@ import (
 	"io"
 	"os"
 	"os/exec"
-	"os/user"
 	"syscall"
 	"time"
 
 	"github.com/snapcore/snapd/osutil/sys"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/strutil"
 	"github.com/snapcore/snapd/testutil"
 )

osutil/group.go

@@ -22,8 +22,9 @@ package osutil
 import (
 	"bytes"
 	"fmt"
-	"os/user"
 	"strconv"
+
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 // FindUid returns the identifier of the given UNIX user name. It will

osutil/group_test.go

@@ -21,11 +21,11 @@ package osutil_test
 
 import (
 	"fmt"
-	"os/user"
 
 	"gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/testutil"
 )
 

osutil/strace/strace.go

@@ -22,12 +22,12 @@ package strace
 import (
 	"fmt"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"runtime"
 
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 // These syscalls are excluded because they make strace hang on all or

osutil/strace/strace_test.go

@@ -21,14 +21,14 @@ package strace_test
 
 import (
 	"os"
-	"os/user"
 	"path/filepath"
 	"testing"
 
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/osutil/strace"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/testutil"
 )
 

osutil/user.go

@@ -23,14 +23,14 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
 	"syscall"
 
 	"github.com/snapcore/snapd/osutil/sys"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 var (